{"nessus": [{"lastseen": "2023-03-12T14:33:45", "description": "The remote Windows host is missing security update 4038788.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - An information disclosure vulnerability exists when Microsoft Edge does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8597)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8648)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8677)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. 
(CVE-2017-8678, CVE-2017-8679)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. 
(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712, CVE-2017-8713)\n\n - A security feature bypass vulnerability exists when Windows Control Flow Guard mishandles objects in memory.\n (CVE-2017-8716)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. (CVE-2017-8720)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. (CVE-2017-8724)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8724, CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. (CVE-2017-8739)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n (CVE-2017-8746)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
(CVE-2017-8649, CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8734, CVE-2017-8751)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network. The update addresses the bypass by correcting how the Edge CSP validates documents. (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8729, CVE-2017-8740, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8597", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8648", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8716", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8724", "CVE-2017-8728", "CVE-2017-8729", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8739", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8751", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", 
"CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038788.NASL", "href": "https://www.tenable.com/plugins/nessus/103130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103130);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8597\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8648\",\n \"CVE-2017-8649\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8712\",\n \"CVE-2017-8713\",\n \"CVE-2017-8716\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8724\",\n \"CVE-2017-8728\",\n \"CVE-2017-8729\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8739\",\n \"CVE-2017-8740\",\n \"CVE-2017-8741\",\n \"CVE-2017-8746\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8751\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11764\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038788\");\n script_xref(name:\"MSFT\", value:\"MS17-4038788\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038788.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the user's system.\n (CVE-2017-8597)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. 
(CVE-2017-8643)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8648)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. 
An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.(CVE-2017-8677)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. 
An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. 
An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8706, CVE-2017-8707, \n CVE-2017-8712,CVE-2017-8713)\n\n - A security feature bypass vulnerability exists when\n Windows Control Flow Guard mishandles objects in memory.\n (CVE-2017-8716)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. (CVE-2017-8720)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. (CVE-2017-8724)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8724, CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. (CVE-2017-8739)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user.(CVE-2017-8649, CVE-2017-8660, CVE-2017-8741)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. 
An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2017-8746)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8747)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741,\n CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8734, CVE-2017-8751)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. 
An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content. To\n exploit the bypass, an attacker must trick a user into\n either loading a page containing malicious content or\n visiting a malicious website. The attacker could also\n inject the malicious page into either a compromised\n website or an advertisement network. The update\n addresses the bypass by correcting how the Edge CSP\n validates documents. (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8729, CVE-2017-8740,\n CVE-2017-8752, CVE-2017-8753, CVE-2017-8755,\n CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.\n (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. 
(CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038788/windows-10-update-kb4038788\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb942e3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038788.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038788');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038788])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:07", "description": "The remote Windows host is missing security update 4038783.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8683)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system.\n (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality.\n (CVE-2017-8702)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. 
(CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. 
The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. 
An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8738, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": 
"SMB_NT_MS17_SEP_4038783.NASL", "href": "https://www.tenable.com/plugins/nessus/103129", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103129);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038783\");\n script_xref(name:\"MSFT\", value:\"MS17-4038783\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038783.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. 
An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system.\n (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. 
\n (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system.\n (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. 
The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality.\n (CVE-2017-8702)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system.(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. 
An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.(CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. 
The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8738, CVE-2017-8752, CVE-2017-8753,\n CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038783/windows-10-update-kb4038783\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15cd901b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038783.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038783');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038783])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:34:54", "description": "The 
remote Windows host is missing security update 4038781.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2017-8734)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2017-8738, CVE-2017-8753, CVE-2017-8756)\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. 
For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. 
An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8759)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8677, CVE-2017-8681)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. 
An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. 
The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2017-8702)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8699) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "KB4038781: Windows 10 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038781.NASL", "href": 
"https://www.tenable.com/plugins/nessus/104385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104385);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11766\"\n );\n script_bugtraq_id(\n 98953,\n 100718,\n 100720,\n 100721,\n 100727,\n 100728,\n 100729,\n 100736,\n 100737,\n 100738,\n 100739,\n 100740,\n 100742,\n 100743,\n 100744,\n 100747,\n 100749,\n 100752,\n 100755,\n 100756,\n 100759,\n 100762,\n 100764,\n 100765,\n 100766,\n 100767,\n 100768,\n 100769,\n 100770,\n 100771,\n 100772,\n 100773,\n 100776,\n 100779,\n 100781,\n 100783,\n 100785,\n 100789,\n 100790,\n 100791,\n 100792,\n 100796,\n 100803,\n 100804\n );\n script_xref(name:\"MSKB\", value:\"4038781\");\n script_xref(name:\"MSFT\", value:\"MS17-4038781\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038781: Windows 10 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038781.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8706, CVE-2017-8707,\n CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. 
An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8734)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8738,\n CVE-2017-8753, CVE-2017-8756)\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. 
(CVE-2017-11766)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. (CVE-2017-8759)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. (CVE-2017-8677,\n CVE-2017-8681)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. 
An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2017-8702)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2017-8699)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. 
(CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038781/windows-10-update-kb4038781\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c29dee1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038781.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038781');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nos_name = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif(\"LTSB\" >!< os_name) audit(AUDIT_OS_NOT, \"Windows 10 version 1507 LTSB\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038781])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-13T17:06:48", "description": "The remote Windows host is missing security update 4038782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. 
(CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.\n (CVE-2017-8686)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. 
An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.\n (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. 
The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality.\n (CVE-2017-8702)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system.\n (CVE-2017-8704)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8731, CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. (CVE-2017-8746)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8738, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system.\n (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8704", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8731", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8752", "CVE-2017-8753", 
"CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038782.NASL", "href": "https://www.tenable.com/plugins/nessus/103128", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103128);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8649\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8704\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8711\",\n \"CVE-2017-8712\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8731\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8746\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11764\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038782\");\n script_xref(name:\"MSFT\", value:\"MS17-4038782\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. 
An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. 
An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system.(CVE-2017-8683)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive.\n (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. 
An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system.\n (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality.\n (CVE-2017-8702)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Virtual PCI on a host server fails to properly\n validate input from a privileged user on a guest\n operating system.\n input. (CVE-2017-8704)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. 
(CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8711,\n CVE-2017-8712, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8731, CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. 
An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session.(CVE-2017-8746)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741,\n CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
(CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8738, CVE-2017-8752,\n CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system.\n (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. 
An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038782/windows-10-update-kb4038782\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?62a3aab5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038782');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038782])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:07", "description": "The remote Windows host is missing security update 4038793 or cumulative update 4038792. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. 
(CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. (CVE-2017-8686)\n\n - An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. 
(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. 
(CVE-2017-8707, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop Virtual Host role is not enabled by default. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how VM host agent service validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. 
In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", 
"CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038792.NASL", "href": "https://www.tenable.com/plugins/nessus/103131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103131);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8759\"\n );\n script_xref(name:\"MSKB\", value:\"4038792\");\n script_xref(name:\"MSFT\", value:\"MS17-4038792\");\n script_xref(name:\"MSKB\", value:\"4038793\");\n script_xref(name:\"MSFT\", value:\"MS17-4038793\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038793\nor cumulative update 4038792. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. 
By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. \n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive. To\n exploit the vulnerability, an attacker could send a\n specially crafted packet to a DHCP server. However, the\n DHCP server must be set to failover mode for the attack\n to succeed. The security update addresses the\n vulnerability by correcting how DHCP failover servers\n handle network packets. 
(CVE-2017-8686)\n\n - An information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. 
An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8707, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system. To\n exploit the vulnerability, an attacker could issue a\n specially crafted certificate on the guest operating\n system that could cause the VM host agent service on the\n host operating system to execute arbitrary code. The\n Remote Desktop Virtual Host role is not enabled by\n default. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on the host\n operating system. The security update addresses the\n vulnerability by correcting how VM host agent service\n validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the user's\n system. 
(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. \n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. 
The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. 
(CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038792/windows-8-1-update-kb4038792\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?085e4d22\");\n # https://support.microsoft.com/en-us/help/4038793/windows-8-1-update-kb4038793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf3ecec7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038793 or Cumulative update KB4038792.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038792', '4038793');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038792, 4038793])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:46", "description": "The remote Windows host is missing security update 4038786 or cumulative update 4038799. 
It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
(CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. (CVE-2017-8686)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop Virtual Host role is not enabled by default. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. 
The security update addresses the vulnerability by correcting how VM host agent service validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows Server 2012 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8737", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8749", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038799.NASL", "href": "https://www.tenable.com/plugins/nessus/103132", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103132);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8737\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8749\",\n \"CVE-2017-8759\"\n );\n script_xref(name:\"MSKB\", value:\"4038786\");\n script_xref(name:\"MSFT\", value:\"MS17-4038786\");\n script_xref(name:\"MSKB\", value:\"4038799\");\n script_xref(name:\"MSFT\", value:\"MS17-4038799\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows Server 2012 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038786\nor cumulative update 4038799. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. 
(CVE-2017-0161)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. \n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. 
An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive. To\n exploit the vulnerability, an attacker could send a\n specially crafted packet to a DHCP server. However, the\n DHCP server must be set to failover mode for the attack\n to succeed. The security update addresses the\n vulnerability by correcting how DHCP failover servers\n handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system. To\n exploit the vulnerability, an attacker could issue a\n specially crafted certificate on the guest operating\n system that could cause the VM host agent service on the\n host operating system to execute arbitrary code. The\n Remote Desktop Virtual Host role is not enabled by\n default. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on the host\n operating system. 
The security update addresses the\n vulnerability by correcting how VM host agent service\n validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
\n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. 
(CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038786/windows-server-2012-update-kb4038786\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91b2bd74\");\n # https://support.microsoft.com/en-us/help/4038799/windows-server-2012-update-kb4038799\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35364720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038786 or Cumulative update KB4038799.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038786', '4038799');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038786, 4038799])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:39", "description": "The remote Windows host is missing security update 4038779 or cumulative update 4038777. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. 
(CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684, CVE-2017-8685)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8696)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to open the file. 
The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 7 and Windows Server 2008 R2 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750"], "modified": "2020-11-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038777.NASL", "href": "https://www.tenable.com/plugins/nessus/103127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security 
Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103127);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/02\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8685\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8710\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\"\n );\n script_bugtraq_id(\n 98953,\n 100720,\n 100722,\n 100724,\n 100727,\n 100728,\n 100736,\n 100737,\n 100742,\n 100743,\n 100744,\n 100752,\n 100755,\n 100756,\n 100764,\n 100765,\n 100766,\n 100767,\n 100769,\n 100770,\n 100771,\n 100772,\n 100773,\n 100780,\n 100781,\n 100782,\n 100783,\n 100790,\n 100791,\n 100792,\n 100793,\n 100803,\n 100804\n );\n\n script_xref(name:\"MSKB\", value:\"4038779\");\n script_xref(name:\"MSFT\", value:\"MS17-4038779\");\n script_xref(name:\"MSKB\", value:\"4038777\");\n script_xref(name:\"MSFT\", value:\"MS17-4038777\");\n\n script_name(english:\"Windows 7 and Windows Server 2008 R2 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038779\nor cumulative update 4038777. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. 
An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684, CVE-2017-8685)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8696)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. 
To exploit the\n vulnerability, an attacker could create a file\n containing specially crafted XML content and convince an\n authenticated user to open the file. The update\n addresses the vulnerability by modifying the way that\n the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. 
An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. 
(CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038779/windows-7-update-kb4038779\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf7e8b94\");\n # https://support.microsoft.com/en-us/help/4038777/windows-7-update-kb4038777\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dbb18cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038779 or Cumulative update KB4038777\nas well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8682\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('global_settings.inc');\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('smb_reg_query.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-09';\nkbs = make_list('4038779', '4038777');\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(\n os:'6.1',\n sp:1,\n rollup_date:'09_2017',\n bulletin:bulletin,\n rollup_kb_list:[4038779, 4038777]\n )\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:26", "description": "The remote Windows host is missing multiple security updates released on 2017/09/12. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. 
To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.\n (CVE-2017-8707)\n\n - An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to open the file. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. (CVE-2017-8683)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. 
(CVE-2017-8682)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, a user must open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by helping to ensure that Windows Shell validates file copy destinations.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. 
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The security update addresses the vulnerability by correcting how the Windows GDI+ component handles objects in memory.\n (CVE-2017-8680, CVE-2017-8681, CVE-2017-8684, CVE-2017-8685)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file. The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. 
(CVE-2017-8696)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how GDI+ handles memory addresses. (CVE-2017-8688)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n To exploit the vulnerability, the attacker needs to be within the physical proximity of the targeted user, and the user's computer needs to have Bluetooth enabled. 
The attacker can then initiate a Bluetooth connection to the target computer without the user's knowledge. The security update addresses the vulnerability by correcting how Windows handles Bluetooth requests.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. 
(CVE-2017-8676)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 2008 September 2017 Multiple Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8733", "CVE-2017-8741", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_WIN2008.NASL", "href": "https://www.tenable.com/plugins/nessus/103140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103140);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8685\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8710\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8733\",\n \"CVE-2017-8741\",\n \"CVE-2017-8759\"\n );\n script_bugtraq_id(\n 100720,\n 100722,\n 100724,\n 100727,\n 100736,\n 100737,\n 100742,\n 100744,\n 100752,\n 100755,\n 100756,\n 100764,\n 100769,\n 100772,\n 100773,\n 100780,\n 100781,\n 100782,\n 100783,\n 100790,\n 100791,\n 100792,\n 100793,\n 100803,\n 100804\n );\n script_xref(name:\"MSKB\", value:\"4032201\");\n script_xref(name:\"MSFT\", value:\"MS17-4032201\");\n script_xref(name:\"MSKB\", value:\"4034786\");\n script_xref(name:\"MSFT\", value:\"MS17-4034786\");\n script_xref(name:\"MSKB\", value:\"4038874\");\n script_xref(name:\"MSFT\", value:\"MS17-4038874\");\n script_xref(name:\"MSKB\", value:\"4039038\");\n script_xref(name:\"MSFT\", value:\"MS17-4039038\");\n script_xref(name:\"MSKB\", value:\"4039266\");\n script_xref(name:\"MSFT\", value:\"MS17-4039266\");\n script_xref(name:\"MSKB\", value:\"4039325\");\n script_xref(name:\"MSFT\", value:\"MS17-4039325\");\n script_xref(name:\"MSKB\", value:\"4039384\");\n script_xref(name:\"MSFT\", value:\"MS17-4039384\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows 2008 September 2017 Multiple Security Updates\");\n script_summary(english:\"Checks the existence of 
Windows Server 2008 September 2017 Patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing multiple security updates released\non 2017/09/12. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. To exploit the vulnerability, an\n attacker on a guest operating system could run a\n specially crafted application that could cause the\n Hyper-V host operating system to disclose memory\n information. An attacker who successfully exploited the\n vulnerability could gain access to information on the\n Hyper-V host operating system. The security update\n addresses the vulnerability by correcting how Hyper-V\n validates guest operating system user input.\n (CVE-2017-8707)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. To exploit the\n vulnerability, an attacker could create a file\n containing specially crafted XML content and convince an\n authenticated user to open the file. The update\n addresses the vulnerability by modifying the way that\n the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. 
An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n The security update addresses the vulnerability by\n correcting how the Windows kernel handles memory\n addresses. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute\n code or to elevate user rights directly, but it could be\n used to obtain information that could be used to try to\n further compromise the affected system. The update\n addresses the vulnerability by correcting the way in\n which the Windows Graphics Component handles objects in\n memory. (CVE-2017-8683)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. 
An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. To exploit the\n vulnerability, a user must open a specially crafted\n file. In an email attack scenario, an attacker could\n exploit the vulnerability by sending the specially\n crafted file to the user and then convincing the user to\n open the file. In a web-based attack scenario, an\n attacker could host a website (or leverage a compromised\n website that accepts or hosts user-provided content)\n that contains a specially crafted file designed to\n exploit the vulnerability. An attacker would have no way\n to force a user to visit the website. 
Instead, an\n attacker would have to convince a user to click a link,\n typically by way of an enticement in an email or Instant\n Messenger message, and then convince the user to open\n the specially crafted file. The security update\n addresses the vulnerability by helping to ensure that\n Windows Shell validates file copy destinations.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. To exploit this vulnerability, an attacker\n would have to log on to an affected system and run a\n specially crafted application. The security update\n addresses the vulnerability by correcting how the\n Windows kernel handles memory addresses. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
To exploit this vulnerability, an\n attacker would first have to log on to the system. An\n attacker could then run a specially crafted application\n that could exploit the vulnerability and take control of\n an affected system. The update addresses this\n vulnerability by correcting how Win32k handles objects\n in memory. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute\n code or to elevate user rights directly, but it could be\n used to obtain information that could be used to try to\n further compromise the affected system. The security\n update addresses the vulnerability by correcting how the\n Windows GDI+ component handles objects in memory.\n (CVE-2017-8680, CVE-2017-8681, CVE-2017-8684,\n CVE-2017-8685)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. 
An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file. The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. The security update\n addresses the vulnerability by correcting how GDI+\n handles memory addresses. (CVE-2017-8688)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. 
The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n To exploit the vulnerability, the attacker needs to be\n within the physical proximity of the targeted user, and\n the user's computer needs to have Bluetooth enabled. The\n attacker can then initiate a Bluetooth connection to the\n target computer without the user's knowledge. The\n security update addresses the vulnerability by\n correcting how Windows handles Bluetooth requests.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. To exploit this vulnerability, an attacker would\n have to log on to an affected system and run a specially\n crafted application. The vulnerability would not allow\n an attacker to execute code or to elevate user rights\n directly, but it could be used to obtain information\n that could be used to try to further compromise the\n affected system. The update addresses the vulnerability\n by correcting how the Windows kernel handles objects in\n memory. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. 
By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/4032201/windows-kernel-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b4cfaff8\");\n # https://support.microsoft.com/en-us/help/4034786/bluetooth-driver-spoofing-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a43fdc7\");\n # https://support.microsoft.com/en-us/help/4038874/windows-kernel-information-disclosure-vulnerability-in-windows-server\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c6e0c59\");\n # https://support.microsoft.com/en-us/help/4039038/information-disclosure-vulnerability-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?28782454\");\n # https://support.microsoft.com/en-us/help/4039266/windows-shell-remote-code-execution-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2d3ffe7\");\n # https://support.microsoft.com/en-us/help/4039325/hyper-v-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09206238\");\n # https://support.microsoft.com/en-us/help/4039384/windows-uniscribe-vulnerabilities\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d820c79\");\n 
script_set_attribute(attribute:\"solution\", value:\n\"Apply the following security updates :\n\n - KB4032201\n - KB4034786\n - KB4038874\n - KB4039038\n - KB4039266\n - KB4039325\n - KB4039384\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-08';\n\nkbs = make_list(\n \"4032201\",\n \"4034786\",\n \"4038874\",\n \"4039038\",\n \"4039266\",\n \"4039325\",\n \"4039384\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KBs only apply to Windows 2008\nif (hotfix_check_sp_range(vista:'2') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nsystemroot = hotfix_get_systemroot();\nif (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! 
smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:systemroot);\nwinsxs_share = hotfix_path2share(path:systemroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, winsxs_share);\n}\n\nthe_session = make_array(\n 'login', login,\n 'password', pass,\n 'domain', domain,\n 'share', winsxs_share\n);\n\n# 4032201\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"-usermodensi_31bf3856ad364e35\", file_pat:\"^nsisvc\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19858','6.0.6002.24180'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4032201\", session:the_session);\n\n# 4034786 ; cannot locate on disk yet\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"bthpan.inf_31bf3856ad364e35\", file_pat:\"^bthpan\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19848','6.0.6002.24169'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4034786\", session:the_session);\n\n# 4038874\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"ntdll_31bf3856ad364e35\", file_pat:\"^ntdll\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19623','6.0.6002.24180'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4038874\", session:the_session);\n\n# 4039038\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"m..-management-console_31bf3856ad364e35\", file_pat:\"^mmc\\.exe$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19858', '6.0.6002.24180'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n 
bulletin:bulletin,\n kb:\"4039038\", session:the_session);\n\n# 4039266\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"shell32_31bf3856ad364e35\", file_pat:\"^shell32\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19861', '6.0.6002.24182'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4039266\", session:the_session);\n\n# 4039325 ; x64 only ; hyper-v\n#arch = get_kb_item_or_exit('SMB/ARCH');\n#if (arch == \"x64\")\n#{\n# files = list_dir(basedir:winsxs, level:0, dir_pat:\"vstack-vmwp_31bf3856ad364e35\", file_pat:\"^vmwp\\.exe$\", max_recurse:1);\n# vuln += hotfix_check_winsxs(os:'6.0',\n# sp:2,\n# files:files,\n# versions:make_list('6.0.6002.19858', '6.0.6002.24180'),\n# max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n# bulletin:bulletin,\n# kb:\"4039325\", session:the_session);\n#}\n\n# 4039384\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"win32k_31bf3856ad364e35\", file_pat:\"^win32k\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19836', '6.0.6002.24154'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4039384\", session:the_session);\n\nif (vuln > 0)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:40:09", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. 
The vulnerability could allow an attacker to detect specific files on the user's computer. (CVE-2017-8529)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750"], "modified": "2020-07-17T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:ie"], "id": "SMB_NT_MS17_SEP_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/104896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security 
Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104896);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/17\");\n\n script_cve_id(\n \"CVE-2017-8529\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\"\n );\n script_bugtraq_id(\n 98953,\n 100737,\n 100743,\n 100764,\n 100765,\n 100766,\n 100770,\n 100771\n );\n script_xref(name:\"MSKB\", value:\"4036586\");\n script_xref(name:\"MSKB\", value:\"4038792\");\n script_xref(name:\"MSKB\", value:\"4038799\");\n script_xref(name:\"MSKB\", value:\"4038777\");\n script_xref(name:\"MSFT\", value:\"MS17-4036586\");\n script_xref(name:\"MSFT\", value:\"MS17-4038792\");\n script_xref(name:\"MSFT\", value:\"MS17-4038799\");\n script_xref(name:\"MSFT\", value:\"MS17-4038777\");\n\n script_name(english:\"Security Updates for Internet Explorer (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n affected Microsoft scripting engines do not properly\n handle objects in memory. The vulnerability could allow\n an attacker to detect specific files on the user's\n computer. (CVE-2017-8529)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
(CVE-2017-8750)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8741, CVE-2017-8748)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. 
An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\");\n # https://support.microsoft.com/en-us/help/4036586/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?26b484bb\");\n # https://support.microsoft.com/en-us/help/4038792/windows-8-1-update-kb4038792\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?085e4d22\");\n # https://support.microsoft.com/en-us/help/4038799/windows-server-2012-update-kb4038799\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35364720\");\n # https://support.microsoft.com/en-us/help/4038777/windows-7-update-kb4038777\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dbb18cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for the affected versions of Internet Explorer.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8741\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\"); \n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n script_copyright(english:\"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.\");\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_reg_query.inc\");\n\nfunction is_print_fix_enabled(kb)\n{\n var keyx86 = \"SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\\iexplore.exe\";\n var keyx64 = \"SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\\iexplore.exe\";\n registry_init();\n var result = check_print_fix(key:keyx86);\n var ret_result = FALSE;\n var report = '';\n if(result != 'set')\n {\n report += '\\nThe following registry key is required to enable the fix for CVE-2017-8529 and is ' + result + '\\n ';\n report += 'HKLM\\\\' + keyx86;\n report += '\\n';\n ret_result = TRUE;\n }\n var arch = get_kb_item('SMB/ARCH');\n if(!isnull(arch) && arch == 'x64')\n {\n var x64result = check_print_fix(key:keyx64);\n if(x64result != 'set')\n {\n report += '\\nThe following registry key is required to enable the fix for CVE-2017-8529 and is ' + x64result + '\\n ';\n report += 'HKLM\\\\' + keyx64;\n report += '\\n';\n ret_result = TRUE;\n }\n\n }\n close_registry();\n if(ret_result)\n { \n hotfix_add_report(bulletin:'MS17-06', kb:kb, report);\n }\n\n return ret_result;\n}\n\nfunction check_print_fix(key)\n{\n var hklm = 
registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n var key_h = get_registry_value(handle:hklm, item:key);\n RegCloseKey(handle:hklm);\n if(isnull(key_h))\n return 'missing.';\n else if(key_h == 0)\n return 'not enabled.';\n else\n return 'set';\n}\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-09';\nkbs = make_list(\n '4036586',\n '4038792',\n '4038799',\n '4038777'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.18792\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4036586\") ||\n\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22248\", min_version:\"10.0.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4036586\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.18792\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4036586\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n 
hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21046\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4036586\")\n)\n hotfix_vuln = TRUE;\n printfixBool = is_print_fix_enabled(kb:'4036586');\n\nif(hotfix_vuln || printfixBool)\n{\n if (hotfix_vuln)\n {\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4036586 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4038792 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-09', kb:'4038792', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4038799 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-09', kb:'4038799', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4038777 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-09', kb:'4038777', report);\n }\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:39", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. 
Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. 
Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. 
An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file. The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. 
An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. 
(CVE-2017-8676)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Viewers (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8742"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:powerpoint_viewer", "cpe:/a:microsoft:word_viewer", "cpe:/a:microsoft:excel_viewer"], "id": "SMB_NT_MS17_SEP_OFFICE_VIEWERS.NASL", "href": "https://www.tenable.com/plugins/nessus/103135", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103135);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8631\",\n \"CVE-2017-8676\",\n \"CVE-2017-8682\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8742\"\n );\n script_bugtraq_id(\n 100741,\n 100751,\n 100755,\n 100772,\n 100773,\n 100780\n );\n script_xref(name:\"MSKB\", value:\"3128030\");\n script_xref(name:\"MSKB\", value:\"4011065\");\n script_xref(name:\"MSKB\", value:\"4011125\");\n script_xref(name:\"MSKB\", value:\"4011134\");\n script_xref(name:\"MSFT\", value:\"MS17-3128030\");\n script_xref(name:\"MSFT\", value:\"MS17-4011065\");\n script_xref(name:\"MSFT\", value:\"MS17-4011125\");\n script_xref(name:\"MSFT\", value:\"MS17-4011134\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Office Viewers (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. 
In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. 
In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. 
In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. 
The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/3128030/descriptionofthesecurityupdateforpowerpointviewerseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60ba21b6\");\n # https://support.microsoft.com/en-us/help/4011065/descriptionofthesecurityupdateforexcelviewer2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60960496\");\n # https://support.microsoft.com/en-us/help/4011125/descriptionofthesecurityupdateforwordviewerseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a90e90a1\");\n # https://support.microsoft.com/en-us/help/4011134/descriptionofthesecurityupdateforwordviewerseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d857f2e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB3128030\n -KB4011065\n -KB4011125\n -KB4011134\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel_viewer\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3128030', # PowerPoint Viewer 2007\n '4011065', # Excel Viewer 2007 SP3\n '4011125', # Office Word Viewer\n '4011134' # Office Word Viewer\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n######################################################################\n# Excel Viewer\n######################################################################\nfunction perform_excel_viewer_checks()\n{\n var excel_vwr_checks = make_array(\n \"12.0\", make_array(\"version\", \"12.0.6776.5000\", \"kb\", \"4011065\")\n );\n if (hotfix_check_office_product(product:\"ExcelViewer\", display_name:\"Excel Viewer\", checks:excel_vwr_checks, bulletin:bulletin))\n vuln = TRUE;\n}\n\n######################################################################\n# PowerPoint Viewer\n######################################################################\nfunction perform_powerpoint_viewer_checks()\n{\n var ppt_vwr_checks = make_array(\n \"14.0\", make_array(\"version\", \"14.0.7188.5000\", \"kb\", \"3128030\")\n );\n if (hotfix_check_office_product(product:\"PowerPointViewer\", display_name:\"PowerPoint Viewer\", checks:ppt_vwr_checks, bulletin:bulletin))\n vuln = 
TRUE;\n}\n\n######################################################################\n# Word Viewer\n######################################################################\nfunction perform_word_viewer_checks()\n{\n var install, installs, path;\n\n installs = get_kb_list(\"SMB/Office/WordViewer/*/ProductPath\");\n if(isnull(installs)) return NULL;\n\n foreach install (keys(installs))\n {\n path = installs[install];\n path = ereg_replace(pattern:'^(.+)\\\\\\\\[^\\\\\\\\]+\\\\.exe$', replace:\"\\1\\\", string:path, icase:TRUE);\n if(hotfix_check_fversion(path:path, file:\"gdiplus.dll\", version:\"11.0.8443.0\", kb:\"4011134\", product:\"Microsoft Word Viewer\") == HCF_OLDER)\n vuln = TRUE;\n }\n\n path = hotfix_get_officecommonfilesdir(officever:\"11.0\");\n path = hotfix_append_path(path:path, value:\"Microsoft Shared\\Office11\");\n if(hotfix_check_fversion(path:path, file:\"usp10.dll\", version:\"1.626.6002.24173\", kb:\"4011125\", product:\"Microsoft Word Viewer\") == HCF_OLDER)\n vuln = TRUE;\n}\n\n######################################################################\n# MAIN\n######################################################################\nperform_excel_viewer_checks();\nperform_powerpoint_viewer_checks();\nperform_word_viewer_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:00", "description": "The Microsoft Skype for Business or Microsoft Lync or Microsoft Live Meeting installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website.
An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file. The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:live_meeting_console", "cpe:/a:microsoft:skype_for_business", "cpe:/a:microsoft:live_meeting", "cpe:/a:microsoft:lync"], "id":
"SMB_NT_MS17_SEP_SKYPE.NASL", "href": "https://www.tenable.com/plugins/nessus/103123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103123);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8695\", \"CVE-2017-8696\");\n script_bugtraq_id(100755, 100773, 100780);\n script_xref(name:\"MSKB\", value:\"4025865\");\n script_xref(name:\"MSKB\", value:\"4025866\");\n script_xref(name:\"MSKB\", value:\"4025867\");\n script_xref(name:\"MSKB\", value:\"4011040\");\n script_xref(name:\"MSKB\", value:\"3213568\");\n script_xref(name:\"MSKB\", value:\"4025868\");\n script_xref(name:\"MSKB\", value:\"4025869\");\n script_xref(name:\"MSFT\", value:\"MS17-4011107\");\n script_xref(name:\"MSFT\", value:\"MS17-4025865\");\n script_xref(name:\"MSFT\", value:\"MS17-4025866\");\n script_xref(name:\"MSFT\", value:\"MS17-4025867\");\n script_xref(name:\"MSFT\", value:\"MS17-4011040\");\n script_xref(name:\"MSFT\", value:\"MS17-3213568\");\n script_xref(name:\"MSFT\", value:\"MS17-4025868\");\n script_xref(name:\"MSFT\", value:\"MS17-4025869\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Skype for Business or Microsoft Lync or Microsoft Live Meeting installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Skype for Business or Microsoft Lync 
or\nMicrosoft Live Meeting installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. 
(CVE-2017-8696)\");\n # https://support.microsoft.com/en-us/help/4011107/description-of-the-security-update-for-skype-for-business-2015-lync-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e352a51\");\n # https://support.microsoft.com/en-us/help/4025865/descriptionofthesecurityupdateforlync2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b9ff1ff\");\n # https://support.microsoft.com/en-us/help/4025866/descriptionofthesecurityupdateforlync2010attendeeseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56771a41\");\n # https://support.microsoft.com/en-us/help/4025867/descriptionofthesecurityupdateforlync2010attendeeseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1f4d2c3\");\n # https://support.microsoft.com/en-us/help/4011040/descriptionofthesecurityupdateforskypeforbusiness2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64c04506\");\n # https://support.microsoft.com/en-us/help/3213568/description-of-the-security-update-for-skype-for-business-2015-lync-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e876cd3b\");\n # https://support.microsoft.com/en-us/help/4025868/descriptionofthesecurityupdateforofficelivemeetingconsoleseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f49fe21\");\n # https://support.microsoft.com/en-us/help/4025869/descriptionofthesecurityupdateforofficelivemeetingadd-inseptember12-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e609f52\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011107\n -KB4025865\n -KB4025866\n -KB4025867\n -KB4011040\n -KB3213568\n -KB4025868\n -KB4025869\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:live_meeting_console\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:skype_for_business\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:live_meeting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:lync\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_lync_server_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '4025868', # Live Meeting 2007 Console\n '4011040', # Skype for Business 2016\n '4011107', # Lync 2013 SP1\n '3213568', # Lync 2013 SP1\n '4025866', # Lync 2010 Attendee (Admin level install)\n '4025865', # Lync 2010\n '4025867', # Lync 2010 Attendee (User level install)\n '4025869' # Live Meeting 2007 Add-in\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, \"Failed to determine the location of %windir%.\");\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n######################################################################\n# Skype for Business 2016 / Lync 2013 and 2010\n######################################################################\nfunction perform_skype_checks()\n{\n if (int(get_install_count(app_name:\"Microsoft Lync\")) <= 0)\n return NULL;\n\n var lync_install, lync_installs, kb, file, prod;\n var found, report, uninstall_key, uninstall_keys;\n\n lync_installs = get_installs(app_name:\"Microsoft Lync\");\n foreach lync_install (lync_installs[1])\n {\n\n if (\"Live Meeting 2007 Add-in\" >< lync_install[\"Product\"])\n {\n if 
(hotfix_check_fversion(file:\"lmaddins.dll\", version:\"8.0.6362.281\", min_version:\"8.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025869\", product:\"Live Meeting 2007 Add-in\") == HCF_OLDER)\n vuln = TRUE;\n }\n if (\"Live Meeting 2007 Console\" >< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"bgpubmgr.exe\", version:\"8.0.6362.281\", min_version:\"8.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025868\", product:\"Live Meeting 2007 Console\") == HCF_OLDER)\n vuln = TRUE;\n }\n # Lync 2010 checks\n if (lync_install[\"version\"] =~ \"^4\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n # Lync 2010\n if (\"Attendee\" >!< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"Ocpptview.dll\", version:\"4.0.7577.4540\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025865\", product:\"Microsoft Lync 2010\") == HCF_OLDER)\n vuln = TRUE;\n }\n # Lync 2010 Attendee\n else if (\"Attendee\" >< lync_install[\"Product\"])\n {\n if (\"user level\" >< tolower(lync_install[\"Product\"])) # User\n {\n if (hotfix_check_fversion(file:\"Ocpptview.dll\", version:\"4.0.7577.4540\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025867\", product:lync_install[\"Product\"]) == HCF_OLDER)\n vuln = TRUE;\n }\n else # Admin\n {\n if (hotfix_check_fversion(file:\"Ocpptview.dll\", version:\"4.0.7577.4540\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025866\", product:lync_install[\"Product\"]) == HCF_OLDER)\n vuln = TRUE;\n }\n }\n }\n # Lync on Skype 2016\n else if (lync_install[\"version\"] =~ \"^16\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n file = \"Lync.exe\";\n prod = \"Skype for Business 2016\";\n kb = \"4011040\";\n\n # MSI\n if (lync_install['Channel'] == \"MSI\" || empty_or_null(lync_install['Channel']))\n {\n if (hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", 
channel:\"MSI\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n # Deferred\n else if (lync_install['Channel'] == \"Deferred\")\n {\n if (\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7766.2116\", channel:\"Deferred\", channel_version:\"1701\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n }\n else if (lync_install['Channel'] == \"First Release for Deferred\")\n {\n if (hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n else if (lync_install['Channel'] == \"Current\")\n {\n if (hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n } # Lync 2013 \n else if (lync_install[\"version\"] =~ \"^15\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"lync.exe\", version:\"15.0.4963.1000\", min_version:\"15.0.4000.1000\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4011107\", product:\"Microsoft Lync 2013\") == HCF_OLDER)\n vuln = TRUE;\n\n }\n }\n}\n\nperform_skype_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:12", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple 
vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8630, CVE-2017-8744)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. 
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file. The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. 
(CVE-2017-8676)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8630", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8742", "CVE-2017-8744"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office", "cpe:/a:microsoft:powerpoint", "cpe:/a:microsoft:excel"], "id": "SMB_NT_MS17_SEP_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/103133", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103133);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8630\",\n \"CVE-2017-8676\",\n \"CVE-2017-8682\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8742\",\n \"CVE-2017-8744\"\n );\n script_bugtraq_id(\n 100732,\n 100741,\n 100748,\n 100755,\n 100772,\n 100773,\n 100780\n );\n script_xref(name:\"MSKB\", value:\"4011055\");\n script_xref(name:\"MSKB\", value:\"3213649\");\n script_xref(name:\"MSKB\", value:\"4011038\");\n script_xref(name:\"MSKB\", value:\"3213626\");\n script_xref(name:\"MSKB\", value:\"3213646\");\n script_xref(name:\"MSKB\", value:\"3213641\");\n script_xref(name:\"MSKB\", value:\"3213642\");\n script_xref(name:\"MSKB\", value:\"3213564\");\n script_xref(name:\"MSKB\", value:\"3203474\");\n script_xref(name:\"MSKB\", value:\"3213638\");\n script_xref(name:\"MSKB\", value:\"4011103\");\n script_xref(name:\"MSKB\", value:\"4011126\");\n script_xref(name:\"MSKB\", value:\"4011063\");\n script_xref(name:\"MSKB\", value:\"4011062\");\n script_xref(name:\"MSKB\", value:\"3213551\");\n script_xref(name:\"MSKB\", value:\"3213631\");\n script_xref(name:\"MSFT\", value:\"MS17-4011055\");\n script_xref(name:\"MSFT\", value:\"MS17-3213649\");\n script_xref(name:\"MSFT\", value:\"MS17-4011038\");\n script_xref(name:\"MSFT\", value:\"MS17-3213626\");\n script_xref(name:\"MSFT\", value:\"MS17-3213646\");\n script_xref(name:\"MSFT\", value:\"MS17-3213641\");\n script_xref(name:\"MSFT\", value:\"MS17-3213642\");\n script_xref(name:\"MSFT\", value:\"MS17-3213564\");\n script_xref(name:\"MSFT\", value:\"MS17-3203474\");\n script_xref(name:\"MSFT\", value:\"MS17-3213638\");\n script_xref(name:\"MSFT\", value:\"MS17-4011103\");\n script_xref(name:\"MSFT\", value:\"MS17-4011126\");\n script_xref(name:\"MSFT\", value:\"MS17-4011063\");\n script_xref(name:\"MSFT\", 
value:\"MS17-4011062\");\n script_xref(name:\"MSFT\", value:\"MS17-3213551\");\n script_xref(name:\"MSFT\", value:\"MS17-3213631\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. 
The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8630, CVE-2017-8744)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file. The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. 
If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. 
Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/4011055/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d24309b\");\n # https://support.microsoft.com/en-us/help/3213649/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c95ea355\");\n # https://support.microsoft.com/en-us/help/4011038/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69c44d41\");\n # https://support.microsoft.com/en-us/help/3213626/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40a27f00\");\n # https://support.microsoft.com/en-us/help/3213646/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a714c54e\");\n # https://support.microsoft.com/en-us/help/3213641/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b84ca703\");\n # https://support.microsoft.com/en-us/help/3213642/descriptionofthesecurityupdateforpowerpoint2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?607de17a\");\n # https://support.microsoft.com/en-us/help/3213564/descriptionofthesecurityupdateforoffice2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f846aeb6\");\n # 
https://support.microsoft.com/en-us/help/3203474/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7601f27e\");\n # https://support.microsoft.com/en-us/help/3213638/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4928d07a\");\n # https://support.microsoft.com/en-us/help/4011103/descriptionofthesecurityupdateforoffice2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa6bb9d8\");\n # https://support.microsoft.com/en-us/help/4011126/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d1e5263\");\n # https://support.microsoft.com/en-us/help/4011063/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b27cd572\");\n # https://support.microsoft.com/en-us/help/4011062/descriptionofthesecurityupdateforexcel2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7194ec3f\");\n # https://support.microsoft.com/en-us/help/3213551/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ecdeba5\");\n # https://support.microsoft.com/en-us/help/3213631/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2751aff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for Microsoft Office Products.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3213641', # Office 2007 SP3\n '3213646', # Office 2007 SP3\n '3213649', # Office 2007 SP3\n '4011063', # Office 2007 SP3\n '3213626', # Office 2010 SP2\n '3213631', # Office 2010 SP2\n '3213638', # Office 2010 SP2\n '4011055', # Office 2010 SP2\n '3213564', # Office 2013 SP1\n '4011103', # Office 2013 SP1\n '3203474', # Office 2016\n '3213551', # Office 2016\n '4011038', # Office 2016\n '4011126' # Office 2016\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\noffice_vers = hotfix_check_office_version();\n\n####################################################################\n# Office 2007 SP3 Checks\n####################################################################\nif (office_vers[\"12.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n prod = \"Microsoft Office 2007 SP3\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"12.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2006.1200.6776.5000\", 
min_version:\"2006.1200.0.0\", path:path, kb:\"3213646\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office12\"\n );\n if (hotfix_check_fversion(file:\"ogl.dll\", version:\"12.0.6776.5000\", path:path, kb:\"3213641\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"12.0.6777.5000\", path:path, kb:\"4011063\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"12.0\");\n if (hotfix_check_fversion(file:\"usp10.dll\", version:\"1.626.6002.24173\", path:path, kb:\"3213649\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2010 SP2 Checks\n####################################################################\nif (office_vers[\"14.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 2)\n {\n prod = \"Microsoft Office 2010 SP2\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"14.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office14\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"14.0.7188.5002\", path:path, kb:\"4011055\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n if (hotfix_check_fversion(file:\"ogl.dll\", version:\"14.0.7188.5000\", path:path, kb:\"3213638\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2010.1400.7188.5000\", min_version:\"2010.1400.0.0\", path:path, kb:\"3213626\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"14.0\");\n if 
(hotfix_check_fversion(file:\"usp10.dll\", version:\"1.0626.7601.23883\", path:path, kb:\"3213631\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2013 SP1 Checks\n####################################################################\nif (office_vers[\"15.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2013/SP\");\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = \"Microsoft Office 2013 SP1\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"15.0\");\n\n path = hotfix_append_path(\n path : hotfix_get_officecommonfilesdir(officever:\"15.0\"),\n value : \"Microsoft Shared\\Office15\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"15.0.4963.1002\", path:path, kb:\"4011103\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2012.1500.4963.1000\", min_version:\"2012.1500.0.0\", path:path, kb:\"3213564\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2016 Checks\n####################################################################\nif (office_vers[\"16.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2016/SP\");\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = \"Microsoft Office 2016\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"16.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office16\"\n );\n kb = \"4011038\";\n file = \"mso99lwin32client.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", 
channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n kb = \"4011126\";\n file = \"mso30win32client.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1002\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n kb = \"3213551\";\n file = \"wpft632.cnv\";\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\TextConv\"\n );\n if (\n hotfix_check_fversion(file:file, version:\"2012.1600.4588.1000\", min_version:\"2012.1600.0.0\", 
channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.7726.1057\", min_version:\"2012.1600.0.0\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8201.2193\", min_version:\"2012.1600.0.0\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8431.2079\", min_version:\"2012.1600.0.0\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8326.2107\", min_version:\"2012.1600.0.0\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"16.0\");\n kb = \"3203474\";\n file = \"igx.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", 
channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n }\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:25:32", "description": "This host is missing a critical security\n update according to Microsoft KB4038783", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038783)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8643", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8757", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8756", "CVE-2017-8682", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8753", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8752", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8754", "CVE-2017-8735", "CVE-2017-8738", "CVE-2017-8728", "CVE-2017-8677", "CVE-2017-11766", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8660", "CVE-2017-8687", "CVE-2017-8734", "CVE-2017-8759", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8706", "CVE-2017-8702", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8755", "CVE-2017-8675", "CVE-2017-8723"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811759", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811759", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038783)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811759\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-11766\", \"CVE-2017-8720\", \"CVE-2017-8723\",\n \"CVE-2017-8728\", \"CVE-2017-8628\", \"CVE-2017-8643\", \"CVE-2017-8733\",\n \"CVE-2017-8734\", \"CVE-2017-8735\", \"CVE-2017-8736\", \"CVE-2017-8660\",\n \"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\", \"CVE-2017-8738\",\n \"CVE-2017-8741\", \"CVE-2017-8677\", \"CVE-2017-8678\", \"CVE-2017-8747\",\n \"CVE-2017-8748\", \"CVE-2017-8679\", \"CVE-2017-8749\", \"CVE-2017-8750\",\n \"CVE-2017-8752\", \"CVE-2017-8753\", \"CVE-2017-8754\", \"CVE-2017-8681\",\n \"CVE-2017-8682\", \"CVE-2017-8683\", \"CVE-2017-8755\", \"CVE-2017-8756\",\n \"CVE-2017-8757\", \"CVE-2017-8759\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8692\", \"CVE-2017-8699\", \"CVE-2017-8702\", \"CVE-2017-8706\",\n \"CVE-2017-8707\", \"CVE-2017-8708\", \"CVE-2017-8709\", \"CVE-2017-8713\",\n \"CVE-2017-8719\", \"CVE-2017-8695\");\n script_bugtraq_id(100728, 100729, 100768, 100739, 100744, 100747, 100737, 100738,\n 100740, 100743, 100757, 100752, 100755, 100749, 100759, 100764,\n 100767, 100769, 100765, 100766, 
100720, 100770, 100771, 100775,\n 100776, 100779, 100727, 100772, 100781, 100778, 100718, 100721,\n 100742, 100736, 100756, 100762, 100783, 100785, 100789, 100790,\n 100791, 100792, 100796, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 15:18:56 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038783)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038783\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - When Windows Hyper-V on a host operating system fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - An error in Windows Error Reporting (WER) when WER handles and executes files.\n\n - When the Windows kernel fails to properly initialize a memory address,\n allowing an attacker to retrieve information that could lead to a Kernel Address\n Space Layout Randomization (KASLR) bypass.\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Microsoft Edge improperly handles clipboard events.\n\n - An error in Microsoft's implementation of the Bluetooth stack.\n\n - An error in the way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - An error due to the way Windows Uniscribe handles objects in memory.\n\n - When the Microsoft Windows Graphics Component improperly handles objects in\n memory.\n\n - When Microsoft browsers improperly access objects in memory.\n\n - An error in the way that the scripting 
engine handles objects in memory in\n Microsoft Edge.\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content\n Security Policy (CSP) fails to properly validate certain specially crafted\n documents.\n\n - An error in the way Microsoft Edge handles objects in memory.\n\n - When Internet Explorer improperly handles specific HTML content.\n\n - When Microsoft Windows PDF Library improperly handles objects in memory.\n\n - An error in Microsoft browsers due to improper parent domain verification in\n certain functionality.\n\n - When Microsoft Edge does not properly parse HTTP content.\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - When the Windows GDI+ component improperly discloses kernel memory addresses.\n\n - An error in Windows when the Windows kernel-mode driver fails to properly handle\n objects in memory.\n\n - An error in the way that the Windows Graphics Device Interface+ (GDI+) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - An error when Windows Shell does not properly validate file copy destinations.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - An error in Windows kernel that could allow an attacker to retrieve information\n that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When the Windows font library improperly handles specially crafted embedded\n fonts.\n\n - An error in Windows when the Win32k component fails to properly handle objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to\n gain access to potentially sensitive information, perform a man-in-the-middle\n attack and force a user's computer to unknowingly route traffic through the\n 
attacker's computer, embed an ActiveX control, execute arbitrary code, take control\n of the affected system, gain the same user rights as the current user, conduct\n phishing attack and conduct redirect attacks.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038783\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.1105\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10586.0 - 11.0.10586.1105\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:02", "description": "This host is missing a critical security\n update according to Microsoft KB4038781", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038781)", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8643", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8757", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8756", "CVE-2017-8682", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8753", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8754", "CVE-2017-8735", "CVE-2017-8738", "CVE-2017-8728", "CVE-2017-8677", "CVE-2017-11766", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8687", "CVE-2017-8734", "CVE-2017-8759", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8706", "CVE-2017-8702", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8675", "CVE-2017-8723"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811757", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811757", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038781)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811757\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-8719\", \"CVE-2017-8720\", \"CVE-2017-8723\",\n \"CVE-2017-8728\", \"CVE-2017-11766\", \"CVE-2017-8628\", \"CVE-2017-8643\",\n \"CVE-2017-8733\", \"CVE-2017-8734\", \"CVE-2017-8735\", \"CVE-2017-8736\",\n \"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\", \"CVE-2017-8738\",\n \"CVE-2017-8741\", \"CVE-2017-8677\", \"CVE-2017-8747\", \"CVE-2017-8748\",\n \"CVE-2017-8678\", \"CVE-2017-8679\", \"CVE-2017-8749\", \"CVE-2017-8750\",\n \"CVE-2017-8753\", \"CVE-2017-8681\", \"CVE-2017-8682\", \"CVE-2017-8754\",\n \"CVE-2017-8756\", \"CVE-2017-8757\", \"CVE-2017-8759\", \"CVE-2017-8683\",\n \"CVE-2017-8687\", \"CVE-2017-8688\", \"CVE-2017-8699\", \"CVE-2017-8702\",\n \"CVE-2017-8706\", \"CVE-2017-8707\", \"CVE-2017-8708\", \"CVE-2017-8709\",\n \"CVE-2017-8713\", \"CVE-2017-8692\", \"CVE-2017-8695\");\n script_bugtraq_id(100728, 100768, 100739, 100729, 100744, 100747, 100737, 100738,\n 100740, 100743, 100752, 100755, 100749, 100759, 100764, 100767,\n 100765, 100766, 100769, 100720, 100770, 100771, 100776, 100727,\n 100772, 100779, 100718, 100721, 100742, 100781, 100736, 100756,\n 100783, 100785, 100789, 100790, 100791, 100792, 100796, 100762,\n 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 16:02:14 +0530 (Wed, 13 Sep 
2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038781)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038781\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - When Windows Hyper-V on a host operating system fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - An error in Windows Error Reporting (WER) when WER handles and executes files.\n\n - When the Windows kernel fails to properly initialize a memory address,\n allowing an attacker to retrieve information that could lead to a Kernel Address\n Space Layout Randomization (KASLR) bypass.\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Microsoft Edge improperly handles clipboard events.\n\n - An error in Microsoft's implementation of the Bluetooth stack.\n\n - An error in the way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - An error due to the way Windows Uniscribe handles objects in memory.\n\n - When the Microsoft Windows Graphics Component improperly handles objects in\n memory.\n\n - When Microsoft browsers improperly access objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content\n Security Policy (CSP) fails to properly validate certain specially crafted\n documents.\n\n - An error in the way Microsoft Edge handles objects in memory.\n\n - When Internet Explorer improperly handles specific HTML content.\n\n - When Microsoft Windows PDF Library improperly handles objects in memory.\n\n - An error in Microsoft browsers due to improper parent domain
verification in\n certain functionality.\n\n - When Microsoft Edge does not properly parse HTTP content.\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - When the Windows GDI+ component improperly discloses kernel memory addresses.\n\n - An error in Windows when the Windows kernel-mode driver fails to properly handle\n objects in memory.\n\n - An error in the way that the Windows Graphics Device Interface+ (GDI+) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - An error when Windows Shell does not properly validate file copy destinations.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - An error in Windows kernel that could allow an attacker to retrieve information\n that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When the Windows font library improperly handles specially crafted embedded\n fonts.\n\n - An error in Windows when the Win32k component fails to properly handle objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to\n gain access to potentially sensitive information, perform a man-in-the-middle\n attack and force a user's computer to unknowingly route traffic through the\n attacker's computer, embed an ActiveX control, execute arbitrary code, take control\n of the affected system, gain the same user rights as the current user, conduct\n phishing attack and conduct redirect attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038781\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17608\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10240.0 - 11.0.10240.17608\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:42:37", "description": "This host is missing a critical security\n update according to Microsoft KB4038792", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038792)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8684", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8680", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8714", 
"CVE-2017-8728", "CVE-2017-8686", "CVE-2017-8677", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8687", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8675"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811665", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038792)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811665\");\n script_version(\"2019-12-20T12:42:55+0000\");\n script_cve_id(\"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\", \"CVE-2017-8741\",\n \"CVE-2017-0161\", \"CVE-2017-8720\", \"CVE-2017-8728\", \"CVE-2017-8628\",\n \"CVE-2017-8733\", \"CVE-2017-8736\", \"CVE-2017-8677\", \"CVE-2017-8678\",\n \"CVE-2017-8747\", \"CVE-2017-8748\", \"CVE-2017-8749\", \"CVE-2017-8679\",\n \"CVE-2017-8680\", \"CVE-2017-8681\", \"CVE-2017-8750\", \"CVE-2017-8682\",\n \"CVE-2017-8683\", \"CVE-2017-8684\", \"CVE-2017-8686\", \"CVE-2017-8687\",\n \"CVE-2017-8688\", \"CVE-2017-8692\", \"CVE-2017-8695\", \"CVE-2017-8699\",\n \"CVE-2017-8707\", \"CVE-2017-8708\", \"CVE-2017-8709\", \"CVE-2017-8713\",\n \"CVE-2017-8714\", \"CVE-2017-8719\");\n script_bugtraq_id(100752, 100755, 100749, 100764, 100728, 100739, 100744, 100737,\n 100743, 100767, 100769, 100765, 100766, 100770, 100720, 100722,\n 100727, 100771, 100772, 100781, 100782, 100730, 100736, 100756,\n 100762, 100773, 100783, 100790, 100791, 100792, 100796);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:42:55 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:14:23 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038792)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038792\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a 
vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This security update includes improvements and\n fixes that resolve,\n\n - Internet Explorer 11's navigation bar with search box.\n\n - Internet Explorer where undo is broken if character conversion is canceled\n using IME.\n\n - Internet Explorer where graphics render incorrectly.\n\n - Internet Explorer where the Delete key functioned improperly.\n\n - NPS server where EAP TLS authentication was broken.\n\n - Security updates to Microsoft Graphics Component, Windows kernel-mode drivers,\n Windows shell, Microsoft Uniscribe, Microsoft Windows PDF Library, Windows TPM,\n Windows Hyper-V, Windows kernel, Windows DHCP Server, and Internet Explorer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to get information on the Hyper-V host operating system, could\n retrieve the base address of the kernel driver from a compromised process, could\n obtain information to further compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates.
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038792\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"drivers\\vpcivsp.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.18790\"))\n{\n report = 'File checked: ' + sysPath + \"drivers\\vpcivsp.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.3.9600.18790\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:48:47", "description": "This host is missing a critical security\n update according to Microsoft KB4038782", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038782)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8704", "CVE-2017-8746", "CVE-2017-8681", "CVE-2017-8643", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8757", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8756", "CVE-2017-8731", "CVE-2017-8682", "CVE-2017-11764", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8753", "CVE-2017-8749", "CVE-2017-9417", 
"CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8752", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8754", "CVE-2017-8735", "CVE-2017-8738", "CVE-2017-8714", "CVE-2017-8728", "CVE-2017-8686", "CVE-2017-8677", "CVE-2017-11766", "CVE-2017-8649", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8660", "CVE-2017-8687", "CVE-2017-8734", "CVE-2017-8711", "CVE-2017-8759", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8706", "CVE-2017-8702", "CVE-2017-8712", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8755", "CVE-2017-8675", "CVE-2017-8723"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811820", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811820", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038782)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811820\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-11764\", \"CVE-2017-8719\", \"CVE-2017-8720\",\n \"CVE-2017-8723\", \"CVE-2017-8728\", \"CVE-2017-11766\", \"CVE-2017-8628\",\n \"CVE-2017-8643\", \"CVE-2017-8731\", \"CVE-2017-8733\", \"CVE-2017-8734\",\n \"CVE-2017-8735\", \"CVE-2017-8736\", \"CVE-2017-8649\", \"CVE-2017-8660\",\n \"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\", \"CVE-2017-8738\",\n \"CVE-2017-8741\", \"CVE-2017-8678\", \"CVE-2017-8679\", \"CVE-2017-8748\",\n \"CVE-2017-8749\", \"CVE-2017-8750\", \"CVE-2017-8752\", \"CVE-2017-8753\",\n \"CVE-2017-8754\", \"CVE-2017-8681\", \"CVE-2017-8682\", \"CVE-2017-8755\",\n \"CVE-2017-8756\", \"CVE-2017-8757\", \"CVE-2017-8759\", \"CVE-2017-8683\",\n \"CVE-2017-8686\", \"CVE-2017-9417\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8692\", \"CVE-2017-8695\", \"CVE-2017-8699\", \"CVE-2017-8702\",\n \"CVE-2017-8704\", \"CVE-2017-8706\", \"CVE-2017-8707\", \"CVE-2017-8708\",\n \"CVE-2017-8709\", \"CVE-2017-8711\", \"CVE-2017-8712\", \"CVE-2017-8713\",\n \"CVE-2017-8714\", \"CVE-2017-8677\", \"CVE-2017-8746\", \"CVE-2017-8747\");\n\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 11:47:09 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038782)\");\n\n 
script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038782\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update includes quality improvements.\n\n - Windows Error Reporting doesn't clean up temporary files when there is a\n redirection on a folder.\n\n - Internet Explorer 11's navigation bar with search box.\n\n - Internet Explorer where undo is broken if character conversion is canceled\n using IME.\n\n - Internet Explorer where graphics render incorrectly.\n\n - Windows clients receive a 0xc0000005 ACCESS_VIOLATION error when trying to\n install drivers.\n\n - A race condition may cause a blue screen on the server when Windows Server\n uses IPSec.\n\n - Internet Explorer sometimes fails to display webpages correctly when a user\n installs Windows with the CopyProfile unattend setting.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to run arbitrary code, conduct spoofing attack, escalate privileges,\n and also to obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates.
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038782\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1714\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.14393.0 - 11.0.14393.1714\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:28:54", "description": "This host is missing a critical security\n update according to Microsoft KB4038777", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038777)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8741", "CVE-2017-8707", "CVE-2017-8685", "CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8684", "CVE-2017-8710", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8699", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8680", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8696", 
"CVE-2017-8677", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8687", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8675"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811746", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811746", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038777)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811746\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-8719\", \"CVE-2017-8720\", \"CVE-2017-8628\",\n \"CVE-2017-8733\", \"CVE-2017-8736\", \"CVE-2017-8675\", \"CVE-2017-8676\",\n \"CVE-2017-8741\", \"CVE-2017-8677\", \"CVE-2017-8678\", \"CVE-2017-8747\",\n \"CVE-2017-8748\", \"CVE-2017-8679\", \"CVE-2017-8680\", \"CVE-2017-8681\",\n \"CVE-2017-8749\", \"CVE-2017-8750\", \"CVE-2017-8682\", \"CVE-2017-8683\",\n \"CVE-2017-8684\", \"CVE-2017-8685\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8696\", \"CVE-2017-8699\", \"CVE-2017-8707\", \"CVE-2017-8708\",\n \"CVE-2017-8709\", \"CVE-2017-8710\", \"CVE-2017-8695\");\n script_bugtraq_id(100728, 100744, 100737, 100743, 100752, 100755, 100764, 100767,\n 100769, 100765, 100766, 100720, 100722, 100727, 100770, 100771,\n 100772, 100781, 100782, 100724, 100736, 100756, 100780, 100783,\n 100790, 100791, 100792, 100793, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:34:11 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038777)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038777\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error when Windows Hyper-V on a host operating system fails to properly\n validate input from an authenticated user on a guest operating system.\n\n - An issue when the Windows kernel fails to properly initialize a memory address.\n\n - An error when the Windows kernel improperly handles objects in memory.\n\n - An error in Microsoft's implementation of the Bluetooth stack.\n\n - An error in the way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - An error when Windows Uniscribe improperly discloses the contents of its memory.\n\n - An error due to the way Windows Uniscribe handles objects in memory.\n\n - An error when Microsoft browsers improperly access objects in memory.\n\n - An error when Internet Explorer improperly handles specific HTML content.\n\n - An error in Microsoft browsers due to improper parent domain verification in\n certain functionality.\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - An error when the Windows GDI+ component improperly discloses kernel memory\n addresses.\n\n - An error in Windows when the Windows kernel-mode driver fails to properly handle\n objects in memory.\n\n - An error when Windows Shell does not properly validate file copy destinations.\n\n - An error in Windows kernel.\n\n - An error when the Windows font library improperly handles specially crafted\n embedded fonts.\n\n - An error in the Microsoft Common Console Document.\n\n - An error in Windows when the Win32k component fails to properly handle objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain access to potentially sensitive information, perform a\n man-in-the-middle attack and force a user's computer to unknowingly route\n traffic through
the attacker's computer, execute arbitrary code on the target,\n embed an ActiveX control marked safe for initialization, take complete control\n of the affected system and read arbitrary files on the affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038777\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"win32spl.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.23889\"))\n{\n report = 'File checked: ' + sysPath + \"\\win32spl.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.1.7601.23889\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:50", "description": "This host is missing a critical security\n update according to Microsoft KB4038799", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", 
"title": "Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4038799)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8684", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8749", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8680", "CVE-2017-8678", "CVE-2017-8714", "CVE-2017-8728", "CVE-2017-8686", "CVE-2017-8677", "CVE-2017-8747", "CVE-2017-8679", "CVE-2017-8687", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8733", "CVE-2017-8675"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4038799)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811823\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-8719\", \"CVE-2017-8720\", \"CVE-2017-8728\",\n \"CVE-2017-8733\", \"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\",\n \"CVE-2017-8741\", \"CVE-2017-8678\", \"CVE-2017-8679\", \"CVE-2017-8680\",\n \"CVE-2017-8749\", \"CVE-2017-8681\", \"CVE-2017-8682\", \"CVE-2017-8683\",\n \"CVE-2017-8684\", \"CVE-2017-8686\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8692\", \"CVE-2017-8695\", \"CVE-2017-8699\", \"CVE-2017-8707\",\n \"CVE-2017-8708\", \"CVE-2017-8709\", \"CVE-2017-8713\", \"CVE-2017-8714\",\n \"CVE-2017-8677\", \"CVE-2017-8747\");\n script_bugtraq_id(100728, 100739, 100737, 100752, 100755, 100749, 100764, 100769,\n 100720, 100722, 100770, 100727, 100772, 100781, 100782, 100730,\n 100736, 100756, 100762, 100773, 100783, 100790, 100791, 100792,\n 100796, 100767, 100765);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 12:55:59 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4038799)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038799\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", 
value:\"Multiple flaws exist. Please see the references for more information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code, escalate privileges and obtain sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038799\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"glcndfilter.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.2.9200.22257\"))\n{\n report = 'File checked: ' + sysPath + \"\\glcndfilter.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.2.9200.22257\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:29:08", "description": "This host is missing a critical security\n update according to Microsoft security updates KB4036586.", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Internet Explorer Multiple Vulnerabilities
(KB4036586)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8741", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8736", "CVE-2017-8529", "CVE-2017-8733"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811760", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (KB4036586)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811760\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8529\", \"CVE-2017-8733\", \"CVE-2017-8736\", \"CVE-2017-8741\",\n \"CVE-2017-8747\", \"CVE-2017-8748\", \"CVE-2017-8749\", \"CVE-2017-8750\");\n script_bugtraq_id(100737, 98953, 100764, 100743, 100766, 100770, 100771, 100765);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 16:28:36 +0530 (Wed, 13 Sep 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (KB4036586)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft security updates KB4036586.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft scripting engines do not properly handle objects in memory.\n\n - Internet Explorer improperly handles specific HTML content.\n\n - An error in Microsoft browsers due to improper parent domain verification\n in certain functionality.\n\n - An error in the way that Microsoft browser JavaScript engines render content\n when handling objects in memory.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - An error in 
the way that Microsoft browser JavaScript engines render content\n when handling objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code in the context of the current user, gain access to\n potentially sensitive information, spoof content or serve as a pivot and detect\n specific files on the user's computer.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version 9.x, 10.x and 11.x.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4036586\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3, win7:2, win7x64:2, win2008r2:2,\n win2012:1, win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || ieVer !~ \"^(9|1[01])\\.\"){\n exit(0);\n}\n\niePath = smb_get_system32root();\nif(!iePath ){\n exit(0);\n}\n\niedllVer = fetch_file_version(sysPath:iePath, file_name:\"Mshtml.dll\");\nif(!iedllVer){\n exit(0);\n}\n\n##Server 2008\nif(hotfix_check_sp(win2008:3, win2008x64:3) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"9.0.8112.21046\"))\n {\n Vulnerable_range = \"Less than 9.0.8112.21046\";\n VULN = TRUE ;\n }\n}\n\n# Win 2012\nelse if(hotfix_check_sp(win2012:1) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"10.0.9200.22248\"))\n 
{\n Vulnerable_range = \"Less than 10.0.9200.22248\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1, win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"11.0.9600.18792\"))\n {\n Vulnerable_range = \"Less than 11.0.9600.18792\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + iePath + \"\\Mshtml.dll\" + '\\n' +\n 'File version: ' + iedllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:51", "description": "This host is missing a critical security\n update according to Microsoft KB4039384", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4039384)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8685", "CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8684", "CVE-2017-8683", "CVE-2017-8680", "CVE-2017-8678", "CVE-2017-8696", "CVE-2017-8687", "CVE-2017-8676", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8675"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4039384)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811673\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8720\", \"CVE-2017-8678\",\n \"CVE-2017-8680\", \"CVE-2017-8681\", \"CVE-2017-8682\", \"CVE-2017-8683\",\n \"CVE-2017-8684\", \"CVE-2017-8685\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8695\", \"CVE-2017-8696\");\n script_bugtraq_id(100752, 100755, 100769, 100722, 100727, 100772, 100781, 100782,\n 100724, 100736, 100756, 100773, 100780);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:37:18 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4039384)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4039384\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way Windows Uniscribe handles objects in memory.\n\n - The Windows kernel improperly handles objects in memory.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - When the Windows GDI+ component improperly discloses kernel memory addresses.\n\n - When the Microsoft Windows Graphics Component 
improperly handles objects in\n memory.\n\n - When the Windows font library improperly handles specially crafted embedded\n fonts.\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects in\n memory, allowing an attacker to retrieve information from a targeted system.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to take control of the affected system and obtain access to information to further\n compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4039384\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.0.6002.19862\"))\n{\n Vulnerable_range = \"Less than 6.0.6002.19862\";\n VULN = TRUE ;\n}\n\nelse if(version_in_range(version:fileVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.24182\"))\n{\n Vulnerable_range = \"6.0.6002.23000 - 6.0.6002.24182\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'File 
checked: ' + sysPath + \"\\win32k.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:24:09", "description": "This host is missing an important security\n update according to Microsoft KB4038874", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038874)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8719", "CVE-2017-8679", "CVE-2017-8708"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811811", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811811", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038874)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811811\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8679\", \"CVE-2017-8708\", \"CVE-2017-8719\");\n script_bugtraq_id(100720, 100791);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 08:31:27 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038874)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4038874\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists,\n\n - when the Windows kernel improperly handles objects in memory.\n\n - when the Windows kernel fails to properly initialize a memory address.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited this vulnerability to obtain information to further\n compromise the user's system and also to retrieve the base address of the kernel\n driver from a compromised process.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038874\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"advapi32.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.0.6002.19598\")){\n Vulnerable_range = \"Less than 6.0.6002.19598\";\n}\n\nelse if(version_in_range(version:fileVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.24179\")){\n Vulnerable_range = \"6.0.6002.23000 - 6.0.6002.24179\";\n}\n\nif(Vulnerable_range)\n{\n report = 'File checked: ' + sysPath + \"\\advapi32.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-08T23:24:23", "description": "This host is missing a critical security\n update according to Microsoft KB3213638", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office 2010 Service Pack 2 Multiple Vulnerabilities (KB3213638)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": 
"OPENVAS:1361412562310811663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811663", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office 2010 Service Pack 2 Multiple Vulnerabilities (KB3213638)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811663\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8682\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100772, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 11:42:17 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office 2010 Service Pack 2 Multiple Vulnerabilities (KB3213638)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB3213638\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects in\n memory, allowing an attacker to retrieve information from a targeted system.\n\n - The Windows font library improperly handles specially crafted embedded\n fonts.\n\n - Windows Uniscribe improperly discloses the contents of its memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to retrieve information from a targeted system. By itself, the information\n disclosure does not allow arbitrary code execution. However, it could allow\n arbitrary code to be run if the attacker uses it in combination with another\n vulnerability.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2010 Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213638\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\n## MS Office 2010\nOfficeVer = get_kb_item(\"MS/Office/Ver\");\nif(!OfficeVer || OfficeVer !~ \"^(14\\.)\"){\n exit(0);\n}\n\nmsPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(msPath)\n{\n offPath = msPath + 
\"\\Microsoft Shared\\OFFICE14\" ;\n msdllVer = fetch_file_version(sysPath:offPath, file_name:\"Ogl.dll\");\n if(!msdllVer){\n exit(0);\n }\n\n if(msdllVer =~ \"^(14\\.)\" && version_is_less(version:msdllVer, test_version:\"14.0.7188.5000\"))\n {\n report = 'File checked: ' + offPath + \"\\Ogl.dll\" + '\\n' +\n 'File version: ' + msdllVer + '\\n' +\n 'Vulnerable range: ' + \"14.0 - 14.0.7188.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:24:43", "description": "This host is missing a critical security\n update according to Microsoft KB3213641", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office Multiple Vulnerabilities (KB3213641)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811330", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Multiple Vulnerabilities (KB3213641)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811330\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8682\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100772, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 16:53:34 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office Multiple Vulnerabilities (KB3213641)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB3213641\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists in,\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects\n in memory.\n\n - The Windows font library improperly handles specially crafted embedded\n fonts.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\");\n\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information and execute\n arbitrary code in the context of current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2007 Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213641\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## MS Office 2007\nOfficeVer = get_kb_item(\"MS/Office/Ver\");\nif(!OfficeVer || OfficeVer !~ \"^(12\\.)\"){\n exit(0);\n}\n\nmsPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(msPath)\n{\n offPath = msPath + \"\\Microsoft Shared\\OFFICE12\" ;\n msdllVer = fetch_file_version(sysPath:offPath, file_name:\"Ogl.dll\");\n if(!msdllVer){\n exit(0);\n }\n\n if(msdllVer =~ \"^(12\\.)\" && version_is_less(version:msdllVer, test_version:\"12.0.6776.5000\"))\n {\n report = 'File checked: ' + offPath + \"\\Ogl.dll\" + '\\n' +\n 'File version: ' + msdllVer + '\\n' +\n 'Vulnerable range: ' + \"12.0 - 12.0.6776.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:22:56", "description": "This host is missing a critical security\n update according to Microsoft KB4011134", "cvss3": {}, "published": "2017-09-14T00:00:00", "type": "openvas", "title": "Microsoft Office Word Viewer Multiple Vulnerabilities (KB4011134)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811697", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310811697", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Viewer Multiple Vulnerabilities (KB4011134)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811697\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8682\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100772, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-14 16:41:31 +0530 (Thu, 14 Sep 2017)\");\n script_name(\"Microsoft Office Word Viewer Multiple Vulnerabilities (KB4011134)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4011134\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in the way Windows Graphics Device Interface (GDI) handles objects\n in memory,\n\n - An error in the Windows font library which improperly handles specially\n crafted embedded fonts.\n\n - An error when Windows Uniscribe improperly discloses the contents of its\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to retrieve information from a targeted system. By itself, the information\n disclosure does not allow arbitrary code execution. However, it could allow\n arbitrary code to be run if the attacker uses it in combination with another\n vulnerability.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Word Viewer.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011134\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/WordView/Version\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(!wordviewPath = get_kb_item(\"SMB/Office/WordView/Install/Path\")){\n exit(0);\n}\n\nif(!dllVer = fetch_file_version(sysPath:wordviewPath, file_name:\"gdiplus.dll\")){\n exit(0);\n}\n\nif(version_is_less(version:dllVer, test_version:\"11.0.8443\"))\n{\n report = 'File checked: ' + wordviewPath + \"gdiplus.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 
'Vulnerable range: Less than 11.0.8443\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:21:03", "description": "This host is missing a critical security\n updates according to Microsoft KB4025866 and KB4025867.", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Lync Attendee Multiple Remote Code Execution Vulnerabilities (KB4025866 and KB4025867)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811327", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Lync Attendee Multiple Remote Code Execution Vulnerabilities (KB4025866 and KB4025867)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811327\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8695\", \"CVE-2017-8696\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 15:57:23 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Lync Attendee Multiple Remote Code Execution Vulnerabilities (KB4025866 and KB4025867)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n updates according to Microsoft KB4025866 and KB4025867.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to the windows font\n library which improperly handles specially crafted embedded fonts.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code on the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Lync Attendee 2010.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025867\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025866\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_ms_lync_detect_win.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/Lync/Attendee/Ver\", \"MS/Lync/Attendee/path\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025867\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"secpod_smb_func.inc\");\ninclude(\"version_func.inc\");\n\n## For Microsoft Lync 2010 Attendee (admin level install)\n## For Microsoft Lync 2010 Attendee (user level install)\nlyncPath = get_kb_item(\"MS/Lync/Attendee/path\");\nif(lyncPath)\n{\n dllVer = fetch_file_version(sysPath:lyncPath, file_name:\"Rtmpltfm.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.7577.4539\"))\n {\n\n report = 'File checked: ' + lyncPath + \"Rtmpltfm.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: 4.0 - 4.0.7577.4539' + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:24:08", "description": "This host is missing an important security\n update according to Microsoft KB4025868", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Live Meeting 2007 Console Multiple Vulnerabilities (KB4025868)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8676"], "modified": 
"2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811690", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Live Meeting 2007 Console Multiple Vulnerabilities (KB4025868)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:office_live_meeting\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811690\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8695\", \"CVE-2017-8696\");\n script_bugtraq_id(100755, 100773, 100780);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 16:16:50 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Live Meeting 2007 Console Multiple Vulnerabilities (KB4025868)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an 
important security\n update according to Microsoft KB4025868\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects in\n memory, allowing an attacker to retrieve information from a targeted system.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - The way Windows Uniscribe handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to retrieve information from a targeted system. By itself, the information\n disclosure does not allow arbitrary code execution. However, it could allow\n arbitrary code to be run if the attacker uses it in combination with another\n vulnerability.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Live Meeting 2007 Console.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025868\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_live_meeting_detect.nasl\");\n script_mandatory_keys(\"MS/OfficeLiveMeeting/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nappPath = get_app_location(cpe:CPE, skip_port:TRUE);\nif(!appPath || \"Couldn find the install location\" >< appPath){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:appPath, file_name:\"Ogl.dll\");\nif(!dllVer){\n exit(0);\n}\n\nif(version_is_less(version:dllVer, test_version:\"12.0.6776.5000\"))\n{\n report = 'File checked: ' + appPath + \"Ogl.dll\"+ '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: Less than 12.0.6776.5000\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:33", "description": "This host is missing an important security\n update according to Microsoft KB4025869", "cvss3": {}, "published": "2017-09-14T00:00:00", "type": "openvas", "title": "Microsoft Live Meeting 2007 Add-in Multiple Vulnerabilities (KB4025869)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811765", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811765", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Live Meeting 2007 
Add-in Multiple Vulnerabilities (KB4025869)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811765\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8696\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100780, 100773);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-14 15:14:00 +0530 (Thu, 14 Sep 2017)\");\n script_name(\"Microsoft Live Meeting 2007 Add-in Multiple Vulnerabilities (KB4025869)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4025869\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in 
memory.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - The way Windows Uniscribe handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to potentially sensitive information and take complete control\n of system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Live Meeting 2007 Add-in.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025869\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/Office/Outlook/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\")){\n exit(0);\n}\n\nfilepath = path + \"\\Microsoft Office\\Live Meeting 8\\Addins\";\n\nif(!liveVer = fetch_file_version(sysPath:filepath, file_name:\"lmaddins.dll\")){\n exit(0);\n}\n\nif(version_is_less(version:liveVer, test_version:\"8.0.6362.281\"))\n{\n report = 'File checked: ' + filepath + \"\\lmaddins.dll\\n\" +\n 'File version: ' + liveVer + '\\n' +\n 'Vulnerable range: Less than 8.0.6362.281\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:49", "description": "This host is missing an important security\n update according to Microsoft 
KB4025865", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Lync 2010 Multiple Vulnerabilities (KB4025865)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811755", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Lync 2010 Multiple Vulnerabilities (KB4025865)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811755\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8696\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100780, 100773);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 11:33:44 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Lync 2010 Multiple Vulnerabilities (KB4025865)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4025865\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in memory.\n\n - An error when Windows Uniscribe improperly discloses the contents of its memory.\n\n - An error due to the way Windows Uniscribe handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to retrieve information from a targeted system to further compromise the user's\n system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Lync 2010 (32-bit and 64-bit).\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025865\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\", \"secpod_ms_lync_detect_win.nasl\");\n script_mandatory_keys(\"MS/Lync/Installed\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(get_kb_item(\"MS/Lync/Ver\"))\n{\n lyncPath = get_kb_item(\"MS/Lync/path\");\n\n ## For MS Lync Basic\n if(!lyncPath){\n lyncPath = get_kb_item(\"MS/Lync/Basic/path\");\n }\n\n if(lyncPath)\n {\n lyncPath1 = lyncPath + \"OFFICE14\";\n\n commVer = fetch_file_version(sysPath:lyncPath1, file_name:\"Rtmpltfm.dll\");\n if(commVer)\n {\n if(commVer =~ \"^4\" && version_in_range(version:commVer, test_version:\"4.0\", test_version2:\"4.0.7577.4539\"))\n {\n report = 'File checked: ' + lyncPath1 + \"\\Rtmpltfm.dll\" + '\\n' +\n 'File version: ' + commVer + '\\n' +\n 'Vulnerable range: ' + \"4.0 - 4.0.7577.4539\" + '\\n' ;\n security_message(data:report);\n }\n }\n }\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:26:33", "description": "This host is missing an important security\n update according to Microsoft KB4039266", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Windows Shell Remote Code Execution Vulnerability (KB4039266)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8699"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811758", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811758", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Windows Shell Remote Code Execution Vulnerability (KB4039266)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811758\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8699\");\n script_bugtraq_id(100783);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 14:54:01 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Windows Shell Remote Code Execution Vulnerability (KB4039266)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4039266\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to error when Windows\n Shell does not 
properly validate file copy destinations.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability run arbitrary code in the context\n of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4039266\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"shell32.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.0.6002.19861\"))\n{\n Vulnerable_range = \"Less than 6.0.6002.19861\";\n VULN = TRUE ;\n}\n\nelse if(version_in_range(version:fileVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.24181\"))\n{\n Vulnerable_range = \"6.0.6002.23000 - 6.0.6002.24181\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\shell32.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": 
"AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T16:05:59", "description": "### *Detect date*:\n09/12/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions and spoof user interface.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions 9 through 11 \nMicrosoft Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8756](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8756>) \n[CVE-2017-8747](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8747>) \n[CVE-2017-8734](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8734>) \n[CVE-2017-8729](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8729>) \n[CVE-2017-8728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8728>) \n[CVE-2017-8757](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757>) \n[CVE-2017-8749](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8749>) \n[CVE-2017-8738](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8738>) \n[CVE-2017-11766](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11766>) \n[CVE-2017-8750](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8750>) \n[CVE-2017-8731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731>) \n[CVE-2017-8753](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8753>) 
\n[CVE-2017-8723](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8723>) \n[CVE-2017-8724](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724>) \n[CVE-2017-8741](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8741>) \n[CVE-2017-8754](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8754>) \n[CVE-2017-8740](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8740>) \n[CVE-2017-8752](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8752>) \n[CVE-2017-8597](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8597>) \n[CVE-2017-8660](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660>) \n[CVE-2017-8736](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8736>) \n[CVE-2017-11764](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11764>) \n[CVE-2017-8643](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8643>) \n[CVE-2017-8751](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8751>) \n[CVE-2017-8649](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8649>) \n[CVE-2017-8748](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8748>) \n[CVE-2017-8755](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8755>) \n[CVE-2017-8737](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8737>) \n[CVE-2017-8648](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8648>) \n[CVE-2017-8739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8739>) \n[CVE-2017-8735](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8735>) 
\n[CVE-2017-8733](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8733>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-8756](<https://vulners.com/cve/CVE-2017-8756>)7.6Critical \n[CVE-2017-8747](<https://vulners.com/cve/CVE-2017-8747>)7.6Critical \n[CVE-2017-8734](<https://vulners.com/cve/CVE-2017-8734>)7.6Critical \n[CVE-2017-8729](<https://vulners.com/cve/CVE-2017-8729>)7.6Critical \n[CVE-2017-8728](<https://vulners.com/cve/CVE-2017-8728>)7.6Critical \n[CVE-2017-8757](<https://vulners.com/cve/CVE-2017-8757>)7.6Critical \n[CVE-2017-8749](<https://vulners.com/cve/CVE-2017-8749>)7.6Critical \n[CVE-2017-8738](<https://vulners.com/cve/CVE-2017-8738>)7.6Critical \n[CVE-2017-11766](<https://vulners.com/cve/CVE-2017-11766>)7.6Critical \n[CVE-2017-8750](<https://vulners.com/cve/CVE-2017-8750>)7.6Critical \n[CVE-2017-8731](<https://vulners.com/cve/CVE-2017-8731>)7.6Critical \n[CVE-2017-8753](<https://vulners.com/cve/CVE-2017-8753>)7.6Critical \n[CVE-2017-8723](<https://vulners.com/cve/CVE-2017-8723>)4.3Warning \n[CVE-2017-8724](<https://vulners.com/cve/CVE-2017-8724>)4.3Warning \n[CVE-2017-8741](<https://vulners.com/cve/CVE-2017-8741>)7.6Critical \n[CVE-2017-8754](<https://vulners.com/cve/CVE-2017-8754>)4.0Warning \n[CVE-2017-8740](<https://vulners.com/cve/CVE-2017-8740>)7.6Critical \n[CVE-2017-8752](<https://vulners.com/cve/CVE-2017-8752>)7.6Critical \n[CVE-2017-8597](<https://vulners.com/cve/CVE-2017-8597>)4.3Warning \n[CVE-2017-8660](<https://vulners.com/cve/CVE-2017-8660>)9.3Critical \n[CVE-2017-8736](<https://vulners.com/cve/CVE-2017-8736>)4.3Warning \n[CVE-2017-11764](<https://vulners.com/cve/CVE-2017-11764>)7.6Critical \n[CVE-2017-8643](<https://vulners.com/cve/CVE-2017-8643>)4.3Warning \n[CVE-2017-8751](<https://vulners.com/cve/CVE-2017-8751>)7.6Critical 
\n[CVE-2017-8649](<https://vulners.com/cve/CVE-2017-8649>)7.6Critical \n[CVE-2017-8748](<https://vulners.com/cve/CVE-2017-8748>)7.6Critical \n[CVE-2017-8755](<https://vulners.com/cve/CVE-2017-8755>)7.6Critical \n[CVE-2017-8737](<https://vulners.com/cve/CVE-2017-8737>)7.6Critical \n[CVE-2017-8648](<https://vulners.com/cve/CVE-2017-8648>)4.3Warning \n[CVE-2017-8739](<https://vulners.com/cve/CVE-2017-8739>)4.3Warning \n[CVE-2017-8735](<https://vulners.com/cve/CVE-2017-8735>)4.3Warning \n[CVE-2017-8733](<https://vulners.com/cve/CVE-2017-8733>)4.3Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4038788](<http://support.microsoft.com/kb/4038788>) \n[4038782](<http://support.microsoft.com/kb/4038782>) \n[4038783](<http://support.microsoft.com/kb/4038783>) \n[4038792](<http://support.microsoft.com/kb/4038792>) \n[4038799](<http://support.microsoft.com/kb/4038799>) \n[4038781](<http://support.microsoft.com/kb/4038781>) \n[4038777](<http://support.microsoft.com/kb/4038777>) \n[4036586](<http://support.microsoft.com/kb/4036586>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "kaspersky", "title": "KLA11098 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": 
"COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8597", "CVE-2017-8643", "CVE-2017-8648", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8723", "CVE-2017-8724", "CVE-2017-8728", "CVE-2017-8729", "CVE-2017-8731", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8739", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8751", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757"], "modified": "2020-06-18T00:00:00", "id": "KLA11098", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11098/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T15:51:27", "description": "### *Detect date*:\n09/12/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). 
Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code, gain privileges.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nMicrosoft Office 2016 for Mac \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows 8.1 for x64-based systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nSkype for Business 2016 (64-bit) \nMicrosoft Lync 2010 (32-bit) \nMicrosoft Lync 2013 Service Pack 1 (64-bit) \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nMicrosoft Lync Basic 2013 Service Pack 1 (64-bit) \nMicrosoft Lync 2010 Attendee (admin level install) \nSkype for Business 2016 Basic (32-bit) \nMicrosoft Live Meeting 2007 Add-in \nMicrosoft Office for Mac 2011 \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nSkype for Business 2016 (32-bit) \nMicrosoft Lync 2010 Attendee (user level install) \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nMicrosoft Lync 2010 (64-bit) \nMicrosoft Office Word Viewer \nMicrosoft Live Meeting 2007 Console \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nMicrosoft Office 2007 Service Pack 3 \nWindows Server 2008 for 32-bit Systems Service Pack 2 
(Server Core installation) \nMicrosoft Office Web Apps 2010 Service Pack 2 \nWindows 10 Version 1511 for x64-based Systems \nSkype for Business 2016 Basic (64-bit) \nMicrosoft Lync Basic 2013 Service Pack 1 (32-bit) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nInternet Explorer 10 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2 \nMicrosoft Lync 2013 Service Pack 1 (32-bit)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8707](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8707>) \n[CVE-2017-8708](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8708>) \n[CVE-2017-8709](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8709>) \n[CVE-2017-8628](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8628>) \n[CVE-2017-0161](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0161>) \n[CVE-2017-8695](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8695>) \n[CVE-2017-8696](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8696>) \n[CVE-2017-8699](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8699>) \n[CVE-2017-8733](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8733>) \n[CVE-2017-8710](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8710>) \n[CVE-2017-8719](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8719>) \n[CVE-2017-8678](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8678>) 
\n[CVE-2017-8679](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8679>) \n[CVE-2017-8676](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8676>) \n[CVE-2017-8677](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8677>) \n[CVE-2017-8675](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8675>) \n[CVE-2017-8687](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8687>) \n[CVE-2017-8685](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8685>) \n[CVE-2017-8684](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8684>) \n[CVE-2017-8683](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8683>) \n[CVE-2017-8682](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8682>) \n[CVE-2017-8681](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8681>) \n[CVE-2017-8680](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8680>) \n[CVE-2017-8741](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8741>) \n[CVE-2017-8720](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8720>) \n[CVE-2017-8688](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8688>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-8741](<https://vulners.com/cve/CVE-2017-8741>)7.6Critical \n[CVE-2017-8733](<https://vulners.com/cve/CVE-2017-8733>)4.3Warning \n[CVE-2017-8675](<https://vulners.com/cve/CVE-2017-8675>)6.9High \n[CVE-2017-8676](<https://vulners.com/cve/CVE-2017-8676>)2.1Warning \n[CVE-2017-8719](<https://vulners.com/cve/CVE-2017-8719>)1.9Warning \n[CVE-2017-8720](<https://vulners.com/cve/CVE-2017-8720>)7.2High 
\n[CVE-2017-0161](<https://vulners.com/cve/CVE-2017-0161>)6.8High \n[CVE-2017-8628](<https://vulners.com/cve/CVE-2017-8628>)4.3Warning \n[CVE-2017-8677](<https://vulners.com/cve/CVE-2017-8677>)2.1Warning \n[CVE-2017-8678](<https://vulners.com/cve/CVE-2017-8678>)2.1Warning \n[CVE-2017-8679](<https://vulners.com/cve/CVE-2017-8679>)2.1Warning \n[CVE-2017-8680](<https://vulners.com/cve/CVE-2017-8680>)2.1Warning \n[CVE-2017-8681](<https://vulners.com/cve/CVE-2017-8681>)2.1Warning \n[CVE-2017-8682](<https://vulners.com/cve/CVE-2017-8682>)9.3Critical \n[CVE-2017-8683](<https://vulners.com/cve/CVE-2017-8683>)2.1Warning \n[CVE-2017-8684](<https://vulners.com/cve/CVE-2017-8684>)2.1Warning \n[CVE-2017-8685](<https://vulners.com/cve/CVE-2017-8685>)2.1Warning \n[CVE-2017-8687](<https://vulners.com/cve/CVE-2017-8687>)2.1Warning \n[CVE-2017-8688](<https://vulners.com/cve/CVE-2017-8688>)2.1Warning \n[CVE-2017-8695](<https://vulners.com/cve/CVE-2017-8695>)2.6Warning \n[CVE-2017-8696](<https://vulners.com/cve/CVE-2017-8696>)7.6Critical \n[CVE-2017-8699](<https://vulners.com/cve/CVE-2017-8699>)7.6Critical \n[CVE-2017-8707](<https://vulners.com/cve/CVE-2017-8707>)1.9Warning \n[CVE-2017-8708](<https://vulners.com/cve/CVE-2017-8708>)1.9Warning \n[CVE-2017-8709](<https://vulners.com/cve/CVE-2017-8709>)1.9Warning \n[CVE-2017-8710](<https://vulners.com/cve/CVE-2017-8710>)4.3Warning\n\n### *KB list*:\n[4038779](<http://support.microsoft.com/kb/4038779>) \n[4038777](<http://support.microsoft.com/kb/4038777>) \n[4036586](<http://support.microsoft.com/kb/4036586>) \n[4025337](<http://support.microsoft.com/kb/4025337>) \n[4039038](<http://support.microsoft.com/kb/4039038>) \n[4038874](<http://support.microsoft.com/kb/4038874>) \n[4034786](<http://support.microsoft.com/kb/4034786>) \n[4032201](<http://support.microsoft.com/kb/4032201>) \n[4039266](<http://support.microsoft.com/kb/4039266>) \n[4039384](<http://support.microsoft.com/kb/4039384>) 
\n[4039325](<http://support.microsoft.com/kb/4039325>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "kaspersky", "title": "KLA11899 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8733", "CVE-2017-8741"], "modified": "2020-07-22T00:00:00", "id": "KLA11899", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11899/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T16:05:58", "description": "### *Detect date*:\n09/12/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in 
Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service.\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8728](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8728>) \n[CVE-2017-8737](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8737>) 
\n[CVE-2017-8675](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8675>) \n[CVE-2017-8676](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8676>) \n[CVE-2017-8713](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8713>) \n[CVE-2017-8714](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8714>) \n[CVE-2017-8716](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8716>) \n[CVE-2017-8719](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8719>) \n[CVE-2017-8720](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8720>) \n[CVE-2017-0161](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0161>) \n[CVE-2017-8628](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8628>) \n[CVE-2017-8677](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8677>) \n[CVE-2017-8678](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8678>) \n[CVE-2017-8679](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8679>) \n[CVE-2017-8680](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8680>) \n[CVE-2017-8681](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8681>) \n[CVE-2017-8682](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8682>) \n[CVE-2017-8683](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8683>) \n[CVE-2017-8684](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8684>) \n[CVE-2017-8686](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8686>) \n[CVE-2017-8687](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8687>) 
\n[CVE-2017-8688](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8688>) \n[CVE-2017-8692](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8692>) \n[CVE-2017-8695](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8695>) \n[CVE-2017-8699](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8699>) \n[CVE-2017-8702](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8702>) \n[CVE-2017-8704](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8704>) \n[CVE-2017-8706](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8706>) \n[CVE-2017-8707](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8707>) \n[CVE-2017-8708](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8708>) \n[CVE-2017-8709](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8709>) \n[CVE-2017-8711](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8711>) \n[CVE-2017-8712](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8712>) \n[CVE-2017-8746](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8746>) \n[CVE-2017-9417](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-9417>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Word](<https://threats.kaspersky.com/en/product/Microsoft-Word/>)\n\n### *CVE-IDS*:\n[CVE-2017-8728](<https://vulners.com/cve/CVE-2017-8728>)7.6Critical \n[CVE-2017-8737](<https://vulners.com/cve/CVE-2017-8737>)7.6Critical \n[CVE-2017-8675](<https://vulners.com/cve/CVE-2017-8675>)6.9High \n[CVE-2017-8676](<https://vulners.com/cve/CVE-2017-8676>)2.1Warning \n[CVE-2017-8713](<https://vulners.com/cve/CVE-2017-8713>)1.9Warning \n[CVE-2017-8714](<https://vulners.com/cve/CVE-2017-8714>)6.9High 
\n[CVE-2017-8716](<https://vulners.com/cve/CVE-2017-8716>)4.6Warning \n[CVE-2017-8719](<https://vulners.com/cve/CVE-2017-8719>)1.9Warning \n[CVE-2017-8720](<https://vulners.com/cve/CVE-2017-8720>)7.2High \n[CVE-2017-0161](<https://vulners.com/cve/CVE-2017-0161>)6.8High \n[CVE-2017-8628](<https://vulners.com/cve/CVE-2017-8628>)4.3Warning \n[CVE-2017-8677](<https://vulners.com/cve/CVE-2017-8677>)2.1Warning \n[CVE-2017-8678](<https://vulners.com/cve/CVE-2017-8678>)2.1Warning \n[CVE-2017-8679](<https://vulners.com/cve/CVE-2017-8679>)2.1Warning \n[CVE-2017-8680](<https://vulners.com/cve/CVE-2017-8680>)2.1Warning \n[CVE-2017-8681](<https://vulners.com/cve/CVE-2017-8681>)2.1Warning \n[CVE-2017-8682](<https://vulners.com/cve/CVE-2017-8682>)9.3Critical \n[CVE-2017-8683](<https://vulners.com/cve/CVE-2017-8683>)2.1Warning \n[CVE-2017-8684](<https://vulners.com/cve/CVE-2017-8684>)2.1Warning \n[CVE-2017-8686](<https://vulners.com/cve/CVE-2017-8686>)7.5Critical \n[CVE-2017-8687](<https://vulners.com/cve/CVE-2017-8687>)2.1Warning \n[CVE-2017-8688](<https://vulners.com/cve/CVE-2017-8688>)2.1Warning \n[CVE-2017-8692](<https://vulners.com/cve/CVE-2017-8692>)9.3Critical \n[CVE-2017-8695](<https://vulners.com/cve/CVE-2017-8695>)2.6Warning \n[CVE-2017-8699](<https://vulners.com/cve/CVE-2017-8699>)7.6Critical \n[CVE-2017-8702](<https://vulners.com/cve/CVE-2017-8702>)4.4Warning \n[CVE-2017-8704](<https://vulners.com/cve/CVE-2017-8704>)4.9Warning \n[CVE-2017-8706](<https://vulners.com/cve/CVE-2017-8706>)1.9Warning \n[CVE-2017-8707](<https://vulners.com/cve/CVE-2017-8707>)1.9Warning \n[CVE-2017-8708](<https://vulners.com/cve/CVE-2017-8708>)1.9Warning \n[CVE-2017-8709](<https://vulners.com/cve/CVE-2017-8709>)1.9Warning \n[CVE-2017-8711](<https://vulners.com/cve/CVE-2017-8711>)1.9Warning \n[CVE-2017-8712](<https://vulners.com/cve/CVE-2017-8712>)1.9Warning \n[CVE-2017-8746](<https://vulners.com/cve/CVE-2017-8746>)4.6Warning 
\n[CVE-2017-9417](<https://vulners.com/cve/CVE-2017-9417>)7.5Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4038788](<http://support.microsoft.com/kb/4038788>) \n[4038782](<http://support.microsoft.com/kb/4038782>) \n[4038786](<http://support.microsoft.com/kb/4038786>) \n[4038783](<http://support.microsoft.com/kb/4038783>) \n[4038792](<http://support.microsoft.com/kb/4038792>) \n[4038799](<http://support.microsoft.com/kb/4038799>) \n[4038793](<http://support.microsoft.com/kb/4038793>) \n[4038781](<http://support.microsoft.com/kb/4038781>) \n[4025333](<http://support.microsoft.com/kb/4025333>)\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "kaspersky", "title": "KLA11099 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", 
"CVE-2017-8684", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8704", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8716", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8728", "CVE-2017-8737", "CVE-2017-8746", "CVE-2017-9417"], "modified": "2020-07-22T00:00:00", "id": "KLA11099", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11099/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-02-08T15:45:02", "description": "Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-11764", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", 
"baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2019-05-10T19:39:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-11764", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11764", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:15", "description": "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8752", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2017-09-19T16:26:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8752", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8752", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:18", "description": "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles 
objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8755", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2019-05-03T12:11:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8755", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8755", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:13", "description": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary 
code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8729", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2019-05-03T12:29:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8729", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8729", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:13", "description": "Microsoft 
Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8738", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2017-09-19T16:26:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8738", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8738", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:14", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8741", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", 
"CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2017-09-19T16:22:00", "cpe": ["cpe:/a:microsoft:internet_explorer:*", "cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8741", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8741", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:15", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8753", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2017-09-19T16:23:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8753", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8753", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:03", "description": "Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8649", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": 
"AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2017-09-20T19:08:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8649", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8649", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:06", "description": "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8660", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8660", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8660", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:14", "description": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka 
\"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8740", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2019-05-03T12:27:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8740", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8740", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:15", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 
R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8748", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8755", "CVE-2017-8756"], "modified": "2017-09-19T16:22:00", "cpe": ["cpe:/a:microsoft:internet_explorer:*", "cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8748", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8748", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:18", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8756", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11764", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8729", "CVE-2017-8738", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8748", "CVE-2017-8752", "CVE-2017-8753", 
"CVE-2017-8755", "CVE-2017-8756"], "modified": "2017-09-19T16:38:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8756", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8756", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:11", "description": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8708", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8679", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8719"], "modified": "2017-09-21T15:19:00", "cpe": ["cpe:/o:microsoft:windows_10:1511", 
"cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8708", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8708", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:10", "description": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". 
This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8709", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8679", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8719"], "modified": "2017-09-21T15:16:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8709", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8709", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:13", "description": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8719", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8679", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8719"], "modified": "2017-09-21T15:15:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8719", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8719", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:07", "description": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". 
This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8679", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8679", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8719"], "modified": "2017-09-21T15:14:00", "cpe": ["cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8679", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8679", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:11", "description": "The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8706", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8706", 
"CVE-2017-8707", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713"], "modified": "2017-09-21T17:06:00", "cpe": ["cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*"], "id": "CVE-2017-8706", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8706", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:10", "description": "The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability\". 
This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8707", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713"], "modified": "2017-09-21T17:05:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8707", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8707", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:12", "description": "The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8711", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713"], "modified": "2017-09-19T17:47:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_10:1607"], "id": "CVE-2017-8711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8711", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, 
"cpe23": ["cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:12", "description": "The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8712", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713"], "modified": "2017-09-19T16:06:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1703"], "id": "CVE-2017-8712", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8712", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": 
["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:11", "description": "The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8713", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713"], "modified": "2017-09-19T16:02:00", "cpe": ["cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", 
"cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8713", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8713", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:07", "description": "The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka \"Win32k Information Disclosure Vulnerability\". 
This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8677", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8687"], "modified": "2017-09-21T15:44:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8677", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8677", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:07", "description": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8678", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", 
"authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8687"], "modified": "2017-09-21T15:40:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8678", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8678", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:09", "description": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". 
This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8681", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8687"], "modified": "2017-09-21T15:28:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8681", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8681", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:07", "description": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8680", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8687"], "modified": "2019-05-10T19:43:00", "cpe": ["cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2017-8680", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8680", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:08", "description": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". 
This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8687", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8687"], "modified": "2017-09-21T15:31:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8687", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8687", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:03", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8643", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2017-8597", "CVE-2017-8643", "CVE-2017-8648"], "modified": "2017-09-20T19:08:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8643", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8643", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:03", "description": "Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8648", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8597", "CVE-2017-8643", "CVE-2017-8648"], "modified": "2017-09-20T18:48:00", "cpe": ["cpe:/o:microsoft:windows_10:1703"], "id": "CVE-2017-8648", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8648", "cvss": {"score": 4.3, 
"vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:15:57", "description": "Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8597", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8597", "CVE-2017-8643", "CVE-2017-8648"], "modified": "2017-09-20T18:48:00", "cpe": ["cpe:/o:microsoft:windows_10:1703"], "id": "CVE-2017-8597", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8597", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T15:45:01", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 
2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-11766", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11766", "CVE-2017-8731", "CVE-2017-8734", "CVE-2017-8751"], "modified": "2017-09-20T19:03:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-11766", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11766", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:14", "description": "Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka \"Microsoft Edge Memory Corruption 
Vulnerability\". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8731", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11766", "CVE-2017-8731", "CVE-2017-8734", "CVE-2017-8751"], "modified": "2019-05-03T12:24:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8731", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8731", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:16", "description": "Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8751", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11766", "CVE-2017-8731", "CVE-2017-8734", "CVE-2017-8751"], "modified": "2019-05-10T19:29:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8751", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8751", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:13", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8734", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11766", "CVE-2017-8731", "CVE-2017-8734", "CVE-2017-8751"], "modified": "2019-05-03T12:22:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8734", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8734", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:12", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka \"Microsoft Edge Security Feature Bypass Vulnerability\". 
This CVE ID is unique from CVE-2017-8754.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8723", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8723", "CVE-2017-8754"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8723", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8723", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:16", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka \"Microsoft Edge Security Feature Bypass Vulnerability\". 
This CVE ID is unique from CVE-2017-8723.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8754", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8723", "CVE-2017-8754"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8754", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8754", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:23", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8747.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8749", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8747", "CVE-2017-8749"], "modified": "2017-09-21T15:15:00", "cpe": ["cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2017-8749", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8749", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:15", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8749.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8747", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8747", "CVE-2017-8749"], "modified": "2017-09-21T18:36:00", "cpe": ["cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2017-8747", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8747", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:12", "description": "Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka \"Windows PDF Remote Code Execution Vulnerability\". 
This CVE ID is unique from CVE-2017-8737.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8728", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8728", "CVE-2017-8737"], "modified": "2017-09-21T16:17:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:*", "cpe:/a:microsoft:edge:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8728", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8728", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, 
{"lastseen": "2023-02-08T16:16:13", "description": "Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka \"Windows PDF Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8728.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8737", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8728", "CVE-2017-8737"], "modified": "2017-09-21T18:43:00", "cpe": ["cpe:/a:microsoft:edge:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8737", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8737", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:12", "description": "Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka \"Microsoft Edge Spoofing Vulnerability\". This CVE ID is unique from CVE-2017-8735.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8724", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8724", "CVE-2017-8735"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8724", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8724", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:13", "description": "Microsoft Edge in 
Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka \"Microsoft Edge Spoofing Vulnerability\". This CVE ID is unique from CVE-2017-8724.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8735", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8724", "CVE-2017-8735"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8735", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8735", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:06", "description": "The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability 
when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8720.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8675", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8675", "CVE-2017-8720"], "modified": "2017-09-21T18:32:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8675", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8675", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:14", "description": "The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". 
This CVE ID is unique from CVE-2017-8675.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8720", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8675", "CVE-2017-8720"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8720", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:08", "description": "Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka \"Win32k Graphics Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8683.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8682", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore":
10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8682", "CVE-2017-8683"], "modified": "2019-05-10T19:58:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/a:microsoft:office_word_viewer:-", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/a:microsoft:office_2010:-", "cpe:/a:microsoft:office_2007:-"], "id": "CVE-2017-8682", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8682", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_2007:-:sp3:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_2010:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:08", "description": "Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 
1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka \"Win32k Graphics Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8682.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8683", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8682", "CVE-2017-8683"], "modified": "2019-05-03T12:44:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2017-8683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8683", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:16", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka \"Microsoft Edge Remote Code Execution Vulnerability\".", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8757", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2017-8757"], "modified": "2017-09-18T16:18:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8757", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8757", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:12", "description": "Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka \"Windows Shell Remote Code Execution Vulnerability\".", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8699", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8699"], "modified": "2017-09-21T17:22:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:*", 
"cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2017-8699", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8699", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:14", "description": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\".", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": 
"CVE-2017-8739", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8739"], "modified": "2017-09-20T18:38:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8739", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8739", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:13", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka \"Microsoft Browser Information Disclosure Vulnerability\".", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8736", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8736"], "modified": "2017-09-21T15:00:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8736", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8736", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:15", "description": "Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka \"Device Guard Security Feature Bypass Vulnerability\".", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8746", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString":
"AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8746"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1703"], "id": "CVE-2017-8746", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8746", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:09", "description": "The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution vulnerability when it fails to properly handle objects in memory, aka \"Uniscribe Remote Code Execution Vulnerability\".", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8692", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8692"], "modified": "2017-09-21T18:17:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2017-8692", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8692", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:17", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability\".", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, 
"published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8750", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8750"], "modified": "2017-09-18T16:12:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8750", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8750", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:13", "description": "Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka \"Windows Security Feature Bypass Vulnerability\".", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8716", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8716"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_10:1703"], "id": "CVE-2017-8716", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8716", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"]}], "talosblog": [{"lastseen": "2017-09-20T10:59:03", "description": "Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Office, Remote Desktop Protocol, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.<br /><br />Note that the Bluetooth vulnerabilities known as \"BlueBorne\" that affected Windows have been patched in this latest release. 
For more information, please refer to CVE-2017-8628.<br /><br /><a name='more'></a><h2 id=\"h.wjrt5zh1f6pu\">Vulnerabilities Rated Critical</h2><br />The following vulnerabilities are rated \"critical\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8747\">CVE-2017-8747</a> - Internet Explorer Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8749\">CVE-2017-8749</a> - Internet Explorer Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8750\">CVE-2017-8750</a> - Microsoft Browser Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731\">CVE-2017-8731</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8734\">CVE-2017-8734</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8751\">CVE-2017-8751</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8755\">CVE-2017-8755</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8756\">CVE-2017-8756</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11766\">CVE-2017-11766</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757\">CVE-2017-8757</a> - Microsoft Edge Remote Code Execution Vulnerability</li><li><a 
href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696\">CVE-2017-8696</a> - Microsoft Graphics Component Remote Code Execution</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8728\">CVE-2017-8728</a> - Microsoft PDF Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8737\">CVE-2017-8737</a> - Microsoft PDF Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0161\">CVE-2017-0161</a> - NetBIOS Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8649\">CVE-2017-8649</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660\">CVE-2017-8660</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8729\">CVE-2017-8729</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8738\">CVE-2017-8738</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8740\">CVE-2017-8740</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8741\">CVE-2017-8741</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8748\">CVE-2017-8748</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8752\">CVE-2017-8752</a> - Scripting Engine 
Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8753\">CVE-2017-8753</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11764\">CVE-2017-11764</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682\">CVE-2017-8682</a> - Win32k Graphics Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8686\">CVE-2017-8686</a> - Windows DHCP Server Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676\">CVE-2017-8676</a> - Windows GDI+ Information Disclosure Vulnerability</li></ul>The following briefly describes these vulnerabilities.<br /><br /><h3 id=\"h.b21z3uko0dvb\">CVE-2017-8747, CVE-2017-8749 - Internet Explorer Memory Corruption Vulnerability</h3><br />Two vulnerabilities have been identified in Internet Explorer that could result in remote code execution in the context of the current user. These vulnerabilities manifest due to improper handling of objects in memory when attempting to render a webpage. Both vulnerabilities could be exploited if, for example, a user visits a specially crafted webpage that exploits one of these flaws.<br /><br /><h3 id=\"h.stimxk5dlt9s\">CVE-2017-8750 - Microsoft Browser Memory Corruption Vulnerability</h3><br />A vulnerability has been identified in Edge and Internet Explorer that could result in remote code execution in the context of the current user. This vulnerability manifests due to improper handling of objects in memory when attempting to render a webpage. 
This vulnerability could be exploited if, for example, a user visits a specially crafted webpage that exploits this flaw.<br /><br /><h3 id=\"h.noriw5kti6\">Multiple CVEs - Microsoft Edge Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified in Microsoft Edge that could allow an attacker to execute arbitrary code on an affected host. These vulnerabilities manifest due to improper handling of objects in memory. Successful exploitation of these vulnerabilities would result in arbitrary code execution in the context of the current user. Users who visit a specially crafted web page under the control of the attacker could be exploited.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8731</li><li>CVE-2017-8734</li><li>CVE-2017-8751</li><li>CVE-2017-8755</li><li>CVE-2017-8756</li><li>CVE-2017-11766</li></ul><h3 id=\"h.1v376u5n6xmf\">CVE-2017-8757 - Microsoft Edge Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in Edge that could result in remote code execution in the context of the current user. This vulnerability manifests due to improper handling of objects in memory when attempting to render a webpage. This vulnerability could be exploited if, for example, a user visits a specially crafted webpage that exploits this flaw. Alternatively, an attacker could embed an ActiveX control marked \"safe for initialization\" within a Microsoft Office document that \"hosts the browser rendering engine\" and socially engineer the user to open the malicious document.<br /><br /><h3 id=\"h.ur4dd8a6i1eq\">CVE-2017-8696 - Microsoft Graphics Component Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in Windows Uniscribe that could allow an attacker to remotely execute arbitrary code on an affected host. This vulnerability manifests due to improper handling of objects in memory. 
Exploitation of this vulnerability could be achieved if a user navigates to a malicious web page or opens a malicious file designed to exploit this vulnerability. Successful exploitation would result in arbitrary code execution in the context of the current user.<br /><br /><h3 id=\"h.9ttwbr9e0ewj\">CVE-2017-8728, CVE-2017-8737 - Microsoft PDF Remote Code Execution Vulnerability</h3><br />Two vulnerabilities in the Microsoft Windows PDF library have been identified that could allow an attacker to execute arbitrary code on a targeted host. These vulnerabilities manifest due to improper handling of objects in memory. Successful exploitation of these vulnerabilities would result in arbitrary code execution in the context of the current user. Users who open a specially crafted PDF file or who visit a web page containing a specially crafted PDF could be exploited.<br /><br /><h3 id=\"h.crqjkzdd0al6\">CVE-2017-0161 - NetBIOS Remote Code Execution Vulnerability</h3><br />A vulnerability in NetBT Session Services has been identified that could allow an attacker to execute arbitrary code on the targeted host remotely. This vulnerability manifests as a race condition \"when NetBT fails to maintain certain sequencing requirements.\" An attacker who sends specially crafted NetBT Session Service packets to the targeted system could exploit this vulnerability and achieve remote code execution.<br /><br /><h3 id=\"h.d8c9mlg86eww\">Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified in the Microsoft Browser JavaScript engine that could allow remote code execution to occur in the context of the current user. These vulnerabilities manifest due to improper handling of objects in memory, resulting in memory corruption. Exploitation of these vulnerabilities is achievable if a user visits a specially crafted web page that contains JavaScript designed to exploit one or more of these vulnerabilities. 
<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8649</li><li>CVE-2017-8660</li><li>CVE-2017-8729</li><li>CVE-2017-8738</li><li>CVE-2017-8740</li><li>CVE-2017-8741</li><li>CVE-2017-8748</li><li>CVE-2017-8752</li><li>CVE-2017-8753</li><li>CVE-2017-11764</li></ul><h3 id=\"h.cya79aegordp\">CVE-2017-8682 - Win32k Graphics Remote Code Execution Vulnerability</h3><br />A vulnerability in the Windows font library has been identified that could allow an attacker to execute arbitrary code on an affected host. This vulnerability manifests due to improper handling of embedded fonts. Successful exploitation of this vulnerability would result in arbitrary code execution in the context of the current user. For this vulnerability to be exploited, a user would need to either navigate to a specially crafted website or open a specially crafted document that is designed to exploit this flaw.<br /><br /><h3 id=\"h.z0mubxvpwva7\">CVE-2017-8686 - Windows DHCP Server Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in the Windows Server DHCP service where remote code execution could be achieved if exploited. This vulnerability manifests as a result of the service incorrectly handling DHCP packets. Successful exploitation could allow an attacker to remotely execute code on an affected host or create a denial of service condition. For this vulnerability to be exploited, an attacker would need to send a specially crafted packet to the DHCP server that is set to failover mode. If the server is not set to failover mode, the attack will not succeed.<br /><br /><h3 id=\"h.og6ixgv9kv1f\">CVE-2017-8676 - Windows GDI+ Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows Graphics Device Interface+ (GDI+) that could allow an attacker to obtain potentially sensitive information about the affected host. 
This vulnerability manifests due to the Windows GDI+ component improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br /><h2 id=\"h.kw73svtlwob2\">Vulnerabilities Rated Important</h2><br />The following vulnerabilities are rated \"important\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759\">CVE-2017-8759</a> - .NET Framework Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417\">CVE-2017-9417</a> - Broadcom BCM43xx Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8746\">CVE-2017-8746</a> - Device Guard Security Feature Bypass Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695\">CVE-2017-8695</a> - Graphics Component Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8704\">CVE-2017-8704</a> - Hyper-V Denial of Service Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8706\">CVE-2017-8706</a> - Hyper-V Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8707\">CVE-2017-8707</a> - Hyper-V Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8711\">CVE-2017-8711</a> - Hyper-V Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8712\">CVE-2017-8712</a> - Hyper-V Information Disclosure Vulnerability</li><li><a 
href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8713\">CVE-2017-8713</a> - Hyper-V Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8733\">CVE-2017-8733</a> - Internet Explorer Spoofing Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628\">CVE-2017-8628</a> - Microsoft Bluetooth Driver Spoofing Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8736\">CVE-2017-8736</a> - Microsoft Browser Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8597\">CVE-2017-8597</a> - Microsoft Edge Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8643\">CVE-2017-8643</a> - Microsoft Edge Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8648\">CVE-2017-8648</a> - Microsoft Edge Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8754\">CVE-2017-8754</a> - Microsoft Edge Security Feature Bypass Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724\">CVE-2017-8724</a> - Microsoft Edge Spoofing Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8758\">CVE-2017-8758</a> - Microsoft Exchange Cross-Site Scripting Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761\">CVE-2017-11761</a> - Microsoft Exchange Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630\">CVE-2017-8630</a> - 
Microsoft Office Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631\">CVE-2017-8631</a> - Microsoft Office Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632\">CVE-2017-8632</a> - Microsoft Office Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744\">CVE-2017-8744</a> - Microsoft Office Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725\">CVE-2017-8725</a> - Microsoft Office Publisher Remote Code Execution</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567\">CVE-2017-8567</a> - Microsoft Office Remote Code Execution</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745\">CVE-2017-8745</a> - Microsoft SharePoint Cross Site Scripting Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8629\">CVE-2017-8629</a> - Microsoft SharePoint XSS Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742\">CVE-2017-8742</a> - PowerPoint Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743\">CVE-2017-8743</a> - PowerPoint Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8714\">CVE-2017-8714</a> - Remote Desktop Virtual Host Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8739\">CVE-2017-8739</a> - Scripting Engine Information Disclosure Vulnerability</li><li><a 
href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8692\">CVE-2017-8692</a> - Uniscribe Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8675\">CVE-2017-8675</a> - Win32k Elevation of Privilege Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8720\">CVE-2017-8720</a> - Win32k Elevation of Privilege Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8683\">CVE-2017-8683</a> - Win32k Graphics Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8677\">CVE-2017-8677</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678\">CVE-2017-8678</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680\">CVE-2017-8680</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8681\">CVE-2017-8681</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687\">CVE-2017-8687</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8702\">CVE-2017-8702</a> - Windows Elevation of Privilege Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8684\">CVE-2017-8684</a> - Windows GDI+ Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8685\">CVE-2017-8685</a> - Windows GDI+ Information Disclosure 
Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8688\">CVE-2017-8688</a> - Windows GDI+ Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8710\">CVE-2017-8710</a> - Windows Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8679\">CVE-2017-8679</a> - Windows Kernel Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8708\">CVE-2017-8708</a> - Windows Kernel Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8709\">CVE-2017-8709</a> - Windows Kernel Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8719\">CVE-2017-8719</a> - Windows Kernel Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8716\">CVE-2017-8716</a> - Windows Security Feature Bypass Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8699\">CVE-2017-8699</a> - Windows Shell Remote Code Execution Vulnerability</li></ul><br /><br />The following briefly describes these vulnerabilities.<br /><br /><h3 id=\"h.yx03slsn57ac\">CVE-2017-8759 - .NET Framework Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in the Microsoft .NET Framework that could allow an attacker to execute arbitrary code on an affected device. This vulnerability manifests due to improperly handling untrusted input. Successful exploitation could result in an attacker being able to execute arbitrary code in the context of the current user. 
A user who opens a malicious document or application could be exploited and compromised via this vulnerability. <br /><br /><h3 id=\"h.uzavzney52sl\">CVE-2017-9417 - Broadcom BCM43xx Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in the Broadcom chipsets used in HoloLens that could allow an attacker to execute arbitrary code on an affected device. This vulnerability manifests due to improper handling of Wi-Fi packets. Successful exploitation of this vulnerability could result in an attacker being able to take full control of the device with administrator privileges.<br /><br /><h3 id=\"h.q0sownl8t7qr\">CVE-2017-8746 - Device Guard Security Feature Bypass Vulnerability</h3><br />A vulnerability has been identified in Device Guard that could allow an attacker to bypass a security control and inject malicious code into a Windows PowerShell session. This vulnerability manifests as a flaw in how the Device Guard Code Integrity policy is implemented. An attacker who has access to a local machine could inject malicious code into a script that is trusted by the Code Integrity policy. As a result, the injected code could run with the same trust level as the script, bypassing the Code Integrity policy control. <br /><br /><h3 id=\"h.ll3quw96ab85\">CVE-2017-8695 - Graphics Component Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in Windows Uniscribe that could allow an attacker to obtain important system information. This information could then be used to further compromise a user's system via another vulnerability. 
Exploitation of this vulnerability could be achieved if a user opens a specially crafted document or visits a malicious web page that is designed to exploit this vulnerability.<br /><br /><h3 id=\"h.2bzhnugg695o\">CVE-2017-8704 - Hyper-V Denial of Service Vulnerability</h3><br />A denial of service vulnerability has been identified in Microsoft Hyper-V that could cause the host machine to crash. This vulnerability manifests due to the host server improperly validating input from a privileged user within a guest operating system. An attacker who has privileged access in a guest operating system on the affected host and executes a specially crafted application could trigger this vulnerability. <br /><br /><h3 id=\"h.r4ggol7u66a4\">Multiple CVEs - Hyper-V Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified in Windows Hyper-V that could allow an attacker to access sensitive information on the Hyper-V host operating system. These vulnerabilities manifest due to Hyper-V improperly validating input from an authenticated user inside a guest operating system. An attacker who has access to a guest VM and executes a specially crafted application within the guest VM could exploit this vulnerability and obtain information on the Hyper-V host.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8706</li><li>CVE-2017-8707</li><li>CVE-2017-8711</li><li>CVE-2017-8712</li><li>CVE-2017-8713</li></ul><h3 id=\"h.go05wxr3gp4u\">CVE-2017-8733 - Internet Explorer Spoofing Vulnerability</h3><br />A spoofing vulnerability in Internet Explorer has been identified that could allow an attacker to trick the user into believing they were visiting a legitimate web site. This vulnerability manifests due to Internet Explorer incorrectly handling specific HTML content. A user who navigates to a specially crafted web page under the control of the attacker could be exploited. 
As a result, this malicious website could then be used to serve spoofed content to the user or to serve as part of an exploit chain designed to compromise the affected host.<br /><br /><h3 id=\"h.34qo8abuqnpm\">CVE-2017-8628 - Microsoft Bluetooth Driver Spoofing Vulnerability</h3><br />A spoofing vulnerability has been identified in Microsoft's implementation of the Bluetooth stack and has been disclosed as part of the \"BlueBorne\" series of vulnerabilities. This vulnerability could allow an attacker to perform a man-in-the-middle attack and force a user's device to \"unknowingly route traffic through the attacker's computer.\" For this exploit to be possible, an attacker would need to be within physical proximity to the targeted device and the targeted device would need to have Bluetooth enabled. Note that if both of these conditions are satisfied, an attacker could \"initiate a Bluetooth connection to the target computer without the user's knowledge.\"<br /><br /><h3 id=\"h.ln4j5mfzpuxf\">CVE-2017-8736 - Microsoft Browser Information Disclosure Vulnerability</h3><br />A vulnerability in Microsoft Edge and Internet Explorer has been identified that could allow an attacker to obtain information regarding the user's current session. This vulnerability manifests due to the browser improperly verifying parent domains in certain functionality. An attacker who socially engineers a user into visiting a specially crafted web page could exploit this flaw and obtain information that is specific to the parent domain. <br /><br /><h3 id=\"h.oviarhz23nwn\">CVE-2017-8597, CVE-2017-8648 - Microsoft Edge Information Disclosure Vulnerability</h3><br />Multiple vulnerabilities in Microsoft Edge have been identified that could allow an attacker to discover sensitive information regarding the targeted system. These vulnerabilities manifest due to improper handling of objects in memory. 
Successful exploitation of these vulnerabilities could give an attacker the necessary information to further exploit additional vulnerabilities on the system.<br /><br /><h3 id=\"h.191qetibk7vs\">CVE-2017-8643 - Microsoft Edge Information Disclosure Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could permit the disclosure of potentially sensitive information. This vulnerability manifests due to Microsoft Edge improperly handling clipboard events. Exploitation of this vulnerability is achievable if an attacker socially engineers a user to open a specially crafted web page that exploits this flaw. As long as this web page remains open, an attacker would be able to gain knowledge of clipboard activities.<br /><br /><h3 id=\"h.pwpku8fvq7t4\">CVE-2017-8754 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could allow an attacker to bypass the Content Security Policy (CSP) feature. This vulnerability manifests due to improperly validating certain specially crafted documents. Successful exploitation could allow an attacker to redirect users to a malicious web page. Users who visit a specially crafted web page under the control of the attacker could be exploited. Alternatively, users who visit a compromised web page or who get served a malicious advertisement an attacker has injected into an advertising network could be exploited.<br /><br /><h3 id=\"h.bogzmmli42pp\">CVE-2017-8724 - Microsoft Edge Spoofing Vulnerability</h3><br />A vulnerability in Edge has been identified that could allow an attacker to spoof content on a targeted host. This vulnerability manifests due to improper parsing of HTTP content. Successful exploitation of this vulnerability would result in the user being redirected to a web site of the attacker's choosing. 
This web site could then spoof content or serve as part of an exploit chain whereby the user could be exploited via another vulnerability. Scenarios where a user could be attacked include email or instant message vectors where the user clicks on a malicious link, or the user navigates to a specially crafted web page under the control of the attacker.<br /><br /><h3 id=\"h.g6dm6snlerd4\">CVE-2017-8758 - Microsoft Exchange Cross-Site Scripting Vulnerability</h3><br />A cross-site scripting vulnerability in Microsoft Exchange has been identified that could allow an attacker to perform a content/script injection attack. This vulnerability manifests due to Exchange failing to properly handle web requests. An attacker who sends an intended victim a specially crafted email containing a malicious link could exploit this vulnerability and potentially trick the user into disclosing sensitive information.<br /><br /><h3 id=\"h.pg5opjwskjeq\">CVE-2017-11761 - Microsoft Exchange Information Disclosure Vulnerability</h3><br />A vulnerability in Microsoft Exchange has been identified that could allow an attacker to obtain information regarding the affected server's local network. This vulnerability manifests as an information disclosure flaw due to improper input sanitization. An attacker who includes specially crafted tags in a Calendar-related message and sends this to an affected Exchange server could exploit this flaw and enumerate internal hosts assigned an RFC 1918 IP address. This information could then be used as part of a larger attack.<br /><br /><h3 id=\"h.viucs2kai67d\">Multiple CVEs - Microsoft Office Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified affecting Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. These vulnerabilities manifest due to Office improperly handling objects in memory. 
A user who opens a maliciously crafted Office document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document. <br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8630</li><li>CVE-2017-8631</li><li>CVE-2017-8632</li><li>CVE-2017-8744</li></ul><h3 id=\"h.nuqj6pjdzqbu\">CVE-2017-8725 - Microsoft Office Publisher Remote Code Execution</h3><br />A vulnerability has been identified affecting Microsoft Office Publisher that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Publisher improperly handling objects in memory. A user who opens a maliciously crafted Publisher document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Publisher document. <br /><br /><h3 id=\"h.esin5ce3nqec\">CVE-2017-8567 - Microsoft Office Remote Code Execution</h3><br />A vulnerability has been identified affecting Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Office improperly handling objects in memory. A user who opens a maliciously crafted document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. 
Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document. Note that Preview Pane is not an attack vector for this vulnerability.<br /><br /><h3 id=\"h.ospgiqaad31r\">CVE-2017-8745, CVE-2017-8629 - Microsoft SharePoint XSS Vulnerability</h3><br />Two vulnerabilities in Microsoft SharePoint have been identified that could allow an attacker to execute a cross-site scripting (XSS) attack. These vulnerabilities manifest due to SharePoint Server improperly sanitizing specific web requests from a user. Successful exploitation of these flaws could allow an attacker to execute script in the context of the current user, read content that the attacker would not have permission to otherwise view, or execute actions on behalf of the affected user.<br /><br /><h3 id=\"h.635w9ipli4p\">CVE-2017-8742, CVE-2017-8743 - PowerPoint Remote Code Execution Vulnerability</h3><br />Two vulnerabilities have been identified affecting Microsoft Office PowerPoint that could allow an attacker to execute arbitrary code on an affected system. These vulnerabilities manifest due to PowerPoint improperly handling objects in memory. A user who opens a maliciously crafted PowerPoint document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious PowerPoint document. <br /><br /><h3 id=\"h.o485gj9i5m2w\">CVE-2017-8714 - Remote Desktop Virtual Host Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in the VM Host Agent Service of Remote Desktop Virtual Host that could allow an attacker to execute arbitrary code on an affected host. 
This vulnerability manifests due to improperly validating input from an authenticated user within a guest operating system. Exploitation of this flaw is achievable if an attacker issues a \"specially crafted certificate\" within a guest operating system, causing the \"VM host agent service on the host operating system to execute arbitrary code.\" Microsoft notes that the Remote Desktop Virtual Host role is not enabled by default.<br /><br /><h3 id=\"h.ky3d7sjix04t\">CVE-2017-8739 - Scripting Engine Information Disclosure Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could disclose sensitive information to an attacker. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in an attacker obtaining information that could then be used to further exploit the system. Users who visit a specially crafted web page under the control of the attacker could be exploited.<br /><br /><h3 id=\"h.z9wdxzsfio38\">CVE-2017-8692 - Uniscribe Remote Code Execution Vulnerability</h3><br />An arbitrary code execution vulnerability has been identified in Windows Uniscribe that could allow an attacker to execute code in the context of the current user. This vulnerability manifests due to Uniscribe improperly handling objects in memory. Exploitation of this vulnerability could be achieved if a user navigates to a malicious web page or opens a malicious file designed to exploit this vulnerability. <br /><br /><h3 id=\"h.t7doth5n2cw\">CVE-2017-8593 - Win32k Elevation of Privilege Vulnerability</h3><br />A vulnerability in Windows Kernel Mode Drivers has been identified that could allow a privilege escalation attack to occur. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability could result in an attacker being able to execute arbitrary code in kernel mode. 
An attacker who executes a specially crafted executable could exploit this vulnerability and as a result, gain full control of the affected system.<br /><br /><h3 id=\"h.ta4wavxlagpn\">CVE-2017-8720 - Win32k Elevation of Privilege Vulnerability</h3><br />A vulnerability in the Win32k component in Windows has been identified that could allow a privilege escalation attack to occur. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in an attacker obtaining administrator privileges on the targeted system. Users who run a specially crafted executable that exploits this vulnerability could leverage this vulnerability to perform actions as an administrator on the affected system.<br /><br /><h3 id=\"h.kkm2sbbbbjiq\">CVE-2017-8683 - Win32k Graphics Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows Graphics Component that could allow an attacker to gain information about the host. This vulnerability manifests due to the Graphics Component improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br /><h3 id=\"h.fi4oouptx2sl\">CVE-2017-8678 - Win32k Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows kernel that could allow an attacker to gain information about the host. This vulnerability manifests due to the kernel improperly handling objects in memory. 
An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br /><h3 id=\"h.jmbol5pwp86e\">Multiple CVEs - Win32k Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified in the Windows Graphics Device Interface+ (GDI+) component that could allow an attacker to gain information about the host. This vulnerability manifests due to the GDI+ component improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8677</li><li>CVE-2017-8680</li><li>CVE-2017-8681</li></ul><h3 id=\"h.ck0pehdfhuu3\">CVE-2017-8687 - Win32k Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows kernel that could allow an attacker to gain information which could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. This vulnerability manifests due to the kernel improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and obtain the \"memory address of a kernel object,\" allowing an attacker to leverage the information to further compromise the host.<br /><br /><h3 id=\"h.4erxlgg1wp8\">CVE-2017-8702 - Windows Elevation of Privilege Vulnerability</h3><br />A vulnerability in the Windows Error Reporting (WER) has been identified that could allow a privilege escalation attack to occur. 
Successful exploitation of this vulnerability would result in an attacker obtaining administrator privileges on the targeted system.<br /><br /><h3 id=\"h.8xq934iw79wv\">Multiple CVEs - Windows GDI+ Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified in the Windows Graphics Device Interface+ (GDI+) that could allow an attacker to obtain potentially sensitive information about the affected host. These vulnerabilities manifest due to the Windows GDI+ component improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8684</li><li>CVE-2017-8685</li><li>CVE-2017-8688</li></ul><h3 id=\"h.j57wphkiyqt8\">CVE-2017-8710 - Windows Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability in the Windows System Information Console has been identified that could allow an attacker to read arbitrary files on an affected system. This vulnerability manifests due to improper parsing of XML input which contains a reference to an external entity. An attacker who creates a specially crafted file containing XML content and either opens the file or socially engineers a user to open the file on an affected system could exploit this vulnerability. <br /><br /><h3 id=\"h.7b1xywt7n53p\">Multiple CVEs - Windows Kernel Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified in the Windows kernel that could allow an attacker to gain information about the host. These vulnerabilities manifest due to the kernel improperly handling objects in memory. 
An attacker who runs a specially crafted executable could exploit these vulnerabilities and leverage the information to further compromise the host.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8679</li><li>CVE-2017-8709</li><li>CVE-2017-8719</li></ul><h3 id=\"h.cbhbkylvrzxe\">CVE-2017-8708 - Windows Kernel Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows kernel that could allow an attacker to gain information which could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. This vulnerability manifests due to the kernel failing to properly initialize a memory address. An attacker who runs a specially crafted executable could exploit this vulnerability and obtain the \"base address of the kernel driver from a compromised process,\" allowing an attacker to leverage the information to further compromise the host.<br /><br /><h3 id=\"h.xp1vybmtwc6q\">CVE-2017-8716 - Windows Security Feature Bypass Vulnerability</h3><br />A vulnerability has been identified in Windows Control Flow Guard that could allow an attacker to bypass its intended function. This vulnerability manifests due to the Control Flow Guard mishandling objects in memory. An attacker who runs a specially crafted executable on an affected host could exploit this vulnerability.<br /><br /><h3 id=\"h.5dcwsx39r8a8\">CVE-2017-8699 - Windows Shell Remote Code Execution Vulnerability</h3><br />An arbitrary code execution vulnerability has been identified in the Windows Shell that could allow an attacker to execute code in the context of the current user. This vulnerability manifests as a result of Windows Shell improperly validating file copy destinations. An attacker who opens a specially crafted file could exploit this vulnerability. 
Scenarios where an end user could be compromised include email-based attacks, where an attacker sends the victim a malicious attachment that the user opens, or a web-based attack where the user downloads and opens a malicious file.<br /><br /><h2 id=\"h.b311wwj7cqyf\">Vulnerabilities Rated Moderate</h2><br />The following vulnerabilities are rated \"moderate\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8723\">CVE-2017-8723</a> - Microsoft Edge Security Feature Bypass Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8735\">CVE-2017-8735</a> - Internet Explorer Memory Corruption Vulnerability</li></ul>The following briefly describes these vulnerabilities.<br /><br /><h3 id=\"h.6ja1j3o46v6h\">CVE-2017-8723 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could allow an attacker to bypass the Content Security Policy (CSP) feature. This vulnerability manifests due to improperly validating certain specially crafted documents. Successful exploitation could allow an attacker to redirect users to a malicious web page. Users who visit a specially crafted web page under the control of the attacker could be exploited. Alternatively, users who visit a compromised web page or who get served a malicious advertisement an attacker has injected into an advertising network could be exploited.<br /><br /><h3 id=\"h.iughuzwb6gbk\">CVE-2017-8735 - Microsoft Edge Spoofing Vulnerability</h3><br />A vulnerability in Edge has been identified that could allow an attacker to spoof content on a targeted host. This vulnerability manifests due to improper parsing of HTTP content. Successful exploitation of this vulnerability would result in the user being redirected to a web site of the attacker's choosing. 
This web site could then spoof content or serve as part of an exploit chain whereby the user could be exploited via another vulnerability. Scenarios where a user could be attacked include email or instant message vectors where the user clicks on a malicious link, or if the user navigates to a specially crafted web page under the control of the attacker.<br /><br /><h2 id=\"h.oka11wrn5dcu\">Coverage</h2><br />In response to these vulnerability disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on <a href=\"https://snort.org/products\">Snort.org</a>.<br /><br /><b>Snort Rules:</b><br /><ul><li>42285-42286</li><li>42311-42312</li><li>42749-42750</li><li>44331-44336</li><li>44338-44343</li><li>44349-44350</li><li>44353-44357</li></ul>", "cvss3": {}, "published": "2017-09-12T15:41:00", "title": "Microsoft Patch Tuesday - September 2017", "type": "talosblog", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-0161", "CVE-2017-11761", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8567", "CVE-2017-8593", "CVE-2017-8597", "CVE-2017-8628", "CVE-2017-8629", "CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8643", "CVE-2017-8648", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", 
"CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8704", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8716", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8724", "CVE-2017-8725", "CVE-2017-8728", "CVE-2017-8729", "CVE-2017-8731", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8739", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8742", "CVE-2017-8743", "CVE-2017-8744", "CVE-2017-8745", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8751", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8758", "CVE-2017-8759", "CVE-2017-9417"], "modified": "2017-09-12T22:44:10", "id": "TALOSBLOG:36D857BF71D07CAE276BCB26AC34D574", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/Gck7dmdECXk/ms-tuesday.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2017-09-25T14:43:29", "description": "\n\nIn last week\u2019s [blog](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-september-4-2017/>), I mentioned the Apache Struts vulnerability, which is still making headlines as estimates show that as many as 65 percent of Fortune 500 companies use it in some form. 
In addition, Equifax claims [it has played a role](<https://www.equifaxsecurity2017.com/2017/09/13/progress-update-consumers-4/>) in their breach affecting more than 143 million Americans.\n\nOn July 11, 2017, Digital Vaccine\u00ae (DV) filter 29068 (HTTP: Apache Struts 2 Struts 1 Plugin Remote Code Execution Vulnerability) was shipped to customers using TippingPoint solutions to address a vulnerability in Struts. Once the TippingPoint DVLabs team discovered the exploit code for CVE-2017-12611, it was tested and the team found that DV filter 29068 effectively covered this vulnerability while it was still a 0-day for nearly two months! Looking at data from a small percentage of customers using TippingPoint solutions, the DVLabs team has seen significant activity from filter 29068, including a mixture of both scanning/fingerprinting attempts of the vulnerability, as well as actual exploit attempts. Since this DV filter was available since July, customers have been able to use it as a virtual patch to protect their networks while they work out their process to patch the Apache vulnerability and make other system and policy adjustments.\n\nFor more information on the Apache Struts vulnerability and Trend Micro coverage, please reference the following blogs:\n\n| \n\n * [CVE-2017-5638: Apache Struts 2 Vulnerability Leads to Remote Code Execution](<http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/>)\n * [New Apache Struts Vulnerability Could Be Worse than POODLE](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/new-apache-struts-vulnerability-could-be-worse-than-poodle>) \n---|--- \n| \n \n**TippingPoint\u00ae Threat Management Center (TMC) and ThreatLinQ Planned System Outage Notification**\n\nEffective Sunday, September 24, 2017, Trend Micro is introducing an enhanced License Manager feature to allow for easier management of licenses for the TippingPoint Threat 
Protection System (TPS) family of products. In order to deploy the new feature, both the Threat Management Center (TMC) and ThreatLinQ Web sites will be intermittently unavailable during the following dates and times:\n\n**From** | **Time** | **To** | **Time** \n---|---|---|--- \nFriday, September 22, 2017 | 7:00 PM (CDT) | Sunday, September 24, 2017 | 8:00 PM (CDT) \nSaturday, September 23, 2017 | 12:00 AM (UTC) | Monday, September 25, 2017 | 1:00 AM (UTC) \n \n \n\nDuring the upgrade window, the Security Management System (SMS), Intrusion Prevention System (IPS), Next Generation Firewall (NGFW), Threat Protection System (TPS) and ArcSight Enterprise Security Manager (ESM) connectivity to the TMC will be intermittently unavailable. This will prevent Digital Vaccine (DV), Threat Digital Vaccine (ThreatDV), Reputation Security Monitor (RepSM) and TippingPoint Operating System (TOS) updates from occurring until the upgrade is completed. Customers with any questions or concerns can contact the TippingPoint Technical Assistance Center (TAC).\n\n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before September 12, 2017. Microsoft released a whopping 81 security patches for September covering Windows, Internet Explorer (IE), Edge, Exchange, .NET Framework, Office, and Hyper-V. 26 of the patches are listed as Critical, 53 are rated Important, and two are Moderate in severity. 10 of the Microsoft CVEs came through the Zero Day Initiative program. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. 
You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [September 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/9/12/the-september-2017-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0161 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8567 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8597 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8628 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8629 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8630 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8631 | 29599 | \nCVE-2017-8632 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8643 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8648 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8649 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8660 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8675 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8676 | *28226 | \nCVE-2017-8677 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8678 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8679 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8680 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8681 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8682 | 29569 | \nCVE-2017-8683 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8684 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8685 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8686 | | Vendor Deemed Reproducibility or Exploitation Unlikely 
\nCVE-2017-8687 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8688 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8692 | *28737 | \nCVE-2017-8695 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8696 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8699 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8702 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8704 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8706 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8707 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8708 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8709 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8710 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8711 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8712 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8713 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8714 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8716 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8719 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8720 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8723 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8724 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8725 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8728 | 29574 | \nCVE-2017-8729 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8731 | 29577 | \nCVE-2017-8733 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8734 | 29579 | \nCVE-2017-8735 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8736 | | 
Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8737 | *28736 | \nCVE-2017-8738 | *28981 | \nCVE-2017-8739 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8740 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8741 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8742 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8743 | *29153 | \nCVE-2017-8744 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8745 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8746 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8747 | 29581 | \nCVE-2017-8748 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8749 | 29575 | \nCVE-2017-8750 | 29576 | \nCVE-2017-8751 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8752 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8753 | 29573 | \nCVE-2017-8754 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8755 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8756 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8757 | 29578 | \nCVE-2017-8758 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8759 | 29600 | \nCVE-2017-9417 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11761 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11764 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11766 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Mobile Pwn2Own 2017 Returns to Tokyo!**\n\nThe Zero Day Initiative is pleased to announce the sixth annual Mobile Pwn2Own\u2122 competition will return at this year\u2019s [PacSec](<https://pacsec.jp/>) conference in Tokyo on November 1-2, 2017. 
The tradition of crowning a Master of Pwn will also return as some of the world\u2019s top security researchers demonstrate attacks on the most popular mobile devices. More than $500,000 USD will be available in the prize pool, with add-on bonuses for exploits that meet a higher bar of difficulty. For details on targets and challenges as well as the complete set of rules, click [here](<https://www.zerodayinitiative.com/blog/2017/8/24/mobile-pwn2own-2017-returns-to-tokyo>).\n\n**Zero-Day Filters**\n\nThere are 18 new zero-day filters covering seven vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (1)_**\n\n| \n\n * 29584: ZDI-CAN-5034: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)**_ _** \n---|--- \n| \n \n**_Delta (1)_**\n\n| \n\n * 29557: HTTP: Delta Industrial Automation WPLSoft File Parser Usage (ZDI-17-698) \n---|--- \n| \n \n**_Eaton (1)_**\n\n| \n\n * 29558: HTTP: Eaton ELCSoft Buffer Overflow Vulnerability (ZDI-17-519) \n---|--- \n| \n \n**_Foxit (12)_**\n\n| \n\n * 29544: ZDI-CAN-5016: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29545: ZDI-CAN-5017: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29546: ZDI-CAN-5018: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29552: ZDI-CAN-5019: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29553: ZDI-CAN-5020,5027,5029: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29555: ZDI-CAN-5021: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29556: ZDI-CAN-5022: Zero Day Initiative 
Vulnerability (Foxit Reader)\n * 29559: ZDI-CAN-5023: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29563: ZDI-CAN-5024: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29564: ZDI-CAN-5025: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29565: ZDI-CAN-5026: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29566: ZDI-CAN-5028: Zero Day Initiative Vulnerability (Foxit Reader)\n\n**_Mitsubishi Electric (1)_**\n\n * 29448: HTTP: Mitsubishi Electric E-Designer SetupAlarm Font Buffer Overflow Vulnerability (ZDI-17-508)\n\n**_Schneider Electric (1)_**\n\n * 29550: HTTP: Schneider Electric U.motion Builder SOAP Request SQL Command Execution (ZDI-17-387)\n\n**_Trend Micro (1)_**\n\n * 29452: HTTP: Trend Micro Control Manager cgiShowClientAdm Authentication Request (ZDI-17-244)\n\n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-september-4-2017/>).", "cvss3": {}, "published": "2017-09-15T14:59:53", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of September 11, 2017", "type": "trendmicroblog", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-0161", "CVE-2017-11761", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-12611", "CVE-2017-5638", "CVE-2017-8567", "CVE-2017-8597", "CVE-2017-8628", "CVE-2017-8629", "CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8643", "CVE-2017-8648", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8704", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", 
"CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8716", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8724", "CVE-2017-8725", "CVE-2017-8728", "CVE-2017-8729", "CVE-2017-8731", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8739", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8742", "CVE-2017-8743", "CVE-2017-8744", "CVE-2017-8745", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8751", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8758", "CVE-2017-8759", "CVE-2017-9417"], "modified": "2017-09-15T14:59:53", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-september-11-2017/", "id": "TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mskb": [{"lastseen": "2022-08-24T11:06:32", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>). 
\n \n**Note** To apply this security update, you must have the release version of [Service Pack 3 for Microsoft Word Viewer 2003](<http://www.microsoft.com/en-us/download/details.aspx?id=7176>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011134>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011134 for the 32-bit version of Word Viewer](<http://www.microsoft.com/download/details.aspx?familyid=08cec781-2b87-44e9-bbf7-ca0579015b66>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 3203484](<http://support.microsoft.com/kb/3203484>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \noffice2003-kb4011134-fullfile-enu.exe| 75343BA6CF3FE0E3F4A03D9C2A5ACE69C47CFC2F| 70B3ADF002B5E17046BE7FFF8CC460FB1AB6E6D3CAC1E000C4FFF7E03F247976 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are 
listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.\n\nFor all supported x86-based versions of Word Viewer\n\nFile name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \n_3c144d0d917c41e981e59d9c18e43e88.40d5ce2532074296b6dd2138d9286013| 11.0.8443.0| 1,715,968| 24-Aug-2017| 20:21| Not applicable \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)\n\nSecurity solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)\n\nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)\n\nLocal support according to your country: [International Support](<http://support.microsoft.com>)\n\nPropose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Word Viewer: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695"], "modified": "2017-09-12T07:00:00", "id": "KB4011134", "href": "https://support.microsoft.com/en-us/help/4011134", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:35", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 3 for the 2007 Microsoft Office Suite](<http://support.microsoft.com/kb/949585>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. 
For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213641>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213641 for the 32-bit version of 2007 Microsoft Office Suite](<http://www.microsoft.com/download/details.aspx?familyid=1cb6ed3b-e7b0-48e0-8316-f65b173d44f9>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nogl2007-kb3213641-fullfile-x86-glb.exe| D13D019186B930C8A3E3072195597A4D9ACF53A7| BBCDAFCA1F8E970BBFAC8046BBFF5992728A58B9C730CE01D3D2135CB3316F54 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. 
Additionally, the dates and times may change when you perform certain operations on the files.\n\nFor all supported x86-based versions of 2007 Microsoft Office Suite\n\nFile name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nOgl.dll| 12.0.6776.5000| 1,591,008| 24-Aug-2017| 13:25| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)\n\nSecurity solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)\n\nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)\n\nLocal support according to your country: [International Support](<http://support.microsoft.com>)\n\nPropose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for 2007 Microsoft Office Suite: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695"], "modified": "2017-09-12T07:00:00", "id": "KB3213641", "href": "https://support.microsoft.com/en-us/help/3213641", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:35", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 2 for Office 2010](<http://support.microsoft.com/kb/2687455>) installed on the computer.**Note** This security update does not apply on systems running Windows Vista, Windows Server 2008, or later versions of Windows.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. 
For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213638>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213638 for the 32-bit version of Office 2010](<http://www.microsoft.com/download/details.aspx?familyid=eed7d070-3dc7-4e28-883f-fc6019711a90>)\n * [Download the security update KB3213638 for the 64-bit version of Office 2010](<http://www.microsoft.com/download/details.aspx?familyid=8edba895-537d-4be9-908b-d8626d021961>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nogl2010-kb3213638-fullfile-x86-glb.exe| 99102DB40319F4BFCC8211863422EBF99B34E0F3| 105190E0182C4DD9B7FC0FEC61E8BA38C0A060DF176DE4EDD96F81354C474EF1 \nogl2010-kb3213638-fullfile-x64-glb.exe| 3786A8FB0E1E5884A055B4F5AB3E36B4D8FF81F1| C9C6DD21464D4755EFA089C6C753EEA4236AACA1FF2C71D31630C17F29B5BA18 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). 
The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.\n\nFor all supported x86-based versions of Office 2010\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nogl.dll| ogl.dll| 14.0.7188.5000| 1,601,760| 26-Aug-2017| 01:04 \n\nFor all supported x64-based versions of Office 2010\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nogl.dll| ogl.dll| 14.0.7188.5000| 2,116,312| 26-Aug-2017| 01:01 \nogl.dll.x86| ogl.dll| 14.0.7188.5000| 1,601,760| 26-Aug-2017| 01:04 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)\n\nSecurity solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)\n\nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)\n\nLocal support according to your country: [International Support](<http://support.microsoft.com>)\n\nPropose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office 2010: September 12, 2017", "bulletinFamily": "microsoft", 
"cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695"], "modified": "2017-09-12T07:00:00", "id": "KB3213638", "href": "https://support.microsoft.com/en-us/help/3213638", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:20:19", "description": "None\n## Summary\n\nAn information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. \n \nTo learn more about the vulnerability, see [CVE-2017-8708](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8708>).\n\n## More Information\n\nImportant \n\n\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## How to obtain and install the update \n\n### Method 1: Windows Update\n\nThis update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see [Windows Update: FAQ](<https://www.microsoft.com/en-us/safety/pc-security/updates.aspx>). 
\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=4038874>) website. \n\n\n## Deployment information\n\nFor deployment details for this security update, go to the following article in the Microsoft Knowledge Base: \n[Security update deployment information: September 12, 2017](<http://support.microsoft.com/en-us/help/20170912>)\n\n## More Information\n\n \n**File information** \n \nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. \n \n**Windows Server 2008 file information**\n\n**Note: **The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n## How to obtain help and support for this security update\n\nHelp for installing updates: [Windows Update: FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>) \n\n\n## File Information\n\n## File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows6.0-KB4038874-ia64.msu| 153A6A894A8A9A2E78D5F5DF79CA1BA4A3048EB7| 855584EBB55266D3848AD9665822FECB5DF1BCB4E8AB9EDE048DB547FF4CC9A7 
\nWindows6.0-KB4038874-x86.msu| D5678A15810E74DBDB24DBEC261B1FC0E1470E87| F32818D858F03444008B273DFD1752BDA33B2E4EE322168CAE111EC12FEA8254 \nWindows6.0-KB4038874-x64.msu| 21C91D6C26DB6C3EA1F7B3D253E2E08AE25576FC| EF12F9BD90CA2D9486A1954C6B80002605634717F08C24EC40FE6F09AEEFAFE0 \n \n## For all supported ia64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform**| **Service branch** \n---|---|---|---|---|---|--- \nAdvapi32.dll.mui| 6.0.6002.19598| 373,760| 06-Feb-2016| 03:25| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 255,488| 06-Feb-2016| 01:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,536| 06-Feb-2016| 03:04| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 352,768| 06-Feb-2016| 04:03| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 349,696| 06-Feb-2016| 03:43| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 346,624| 06-Feb-2016| 04:20| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 338,944| 06-Feb-2016| 03:21| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24180| 373,760| 13-Aug-2017| 22:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24180| 255,488| 13-Aug-2017| 19:46| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24180| 385,536| 13-Aug-2017| 22:05| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24180| 352,768| 13-Aug-2017| 22:04| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24180| 349,696| 13-Aug-2017| 21:59| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24180| 346,624| 13-Aug-2017| 22:10| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24180| 338,944| 13-Aug-2017| 22:07| Not applicable| Not applicable \nAdvapi32.dll| 6.0.6002.19598| 1,964,544| 06-Feb-2016| 01:39| IA-64| Not applicable \nAdvapi32.dll| 6.0.6002.24180| 1,963,520| 13-Aug-2017| 19:34| IA-64| Not applicable \nCsrsrv.dll| 
6.0.6002.19680| 145,920| 12-Aug-2016| 18:54| IA-64| Not applicable \nCsrsrv.dll| 6.0.6002.24180| 150,016| 13-Aug-2017| 19:34| IA-64| Not applicable \nNtdll.dll| 6.0.6002.19623| 2,575,672| 21-Mar-2016| 22:52| IA-64| Not applicable \nNtdll.dll| 6.0.6002.24180| 2,551,536| 14-Aug-2017| 19:47| IA-64| Not applicable \nNtoskrnl.exe| 6.0.6002.19858| 9,484,520| 11-Aug-2017| 02:03| IA-64| Not applicable \nNtoskrnl.exe| 6.0.6002.24180| 9,469,672| 13-Aug-2017| 19:57| IA-64| Not applicable \nRpcrt4.dll| 6.0.6002.19598| 3,298,816| 06-Feb-2016| 01:41| IA-64| Not applicable \nRpcrt4.dll| 6.0.6002.24180| 3,289,088| 13-Aug-2017| 19:36| IA-64| Not applicable \nSmss.exe| 6.0.6002.19598| 159,232| 06-Feb-2016| 00:36| IA-64| Not applicable \nSmss.exe| 6.0.6002.24180| 159,232| 13-Aug-2017| 14:29| IA-64| Not applicable \nIa32exec.bin| 6.5.6524.0| 8,262,048| 07-May-2014| 23:57| Not applicable| IA64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.19598| 27,648| 06-Feb-2016| 01:41| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64.dll| 6.0.6002.19598| 524,288| 06-Feb-2016| 01:42| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64cpu.dll| 6.0.6002.19598| 43,008| 06-Feb-2016| 01:42| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64win.dll| 6.0.6002.19598| 617,984| 06-Feb-2016| 01:42| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWowia32x.dll| 6.5.6563.0| 88,576| 06-Feb-2016| 01:42| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nIa32exec.bin| 6.5.6524.0| 8,262,048| 07-Mar-2016| 23:41| Not applicable| IA64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.24180| 27,648| 13-Aug-2017| 19:35| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64.dll| 6.0.6002.24180| 524,288| 13-Aug-2017| 19:36| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64cpu.dll| 6.0.6002.24180| 43,008| 13-Aug-2017| 19:36| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64win.dll| 6.0.6002.24180| 617,984| 13-Aug-2017| 19:36| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWowia32x.dll| 6.5.6563.0| 88,576| 13-Aug-2017| 19:36| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nNtdll.dll| 6.0.6002.19623| 1,171,488| 21-Mar-2016| 22:52| 
x86| Not applicable \nNtdll.dll| 6.0.6002.24180| 1,168,392| 14-Aug-2017| 19:47| x86| Not applicable \nRpcrt4.dll| 6.0.6002.19598| 679,424| 06-Feb-2016| 02:12| x86| Not applicable \nRpcrt4.dll| 6.0.6002.24180| 678,912| 13-Aug-2017| 19:37| x86| Not applicable \nAcwow64.dll| 6.0.6002.19598| 43,008| 06-Feb-2016| 02:11| x86| WOW64_MICROSOFT-WINDOWS-WOW \nInstnm.exe| 6.0.6002.19598| 7,680| 06-Feb-2016| 00:32| x86| WOW64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.19598| 14,336| 06-Feb-2016| 02:12| x86| WOW64_MICROSOFT-WINDOWS-WO